On the Cryptographic Fragility of the Telegram Ecosystem

OPEN ACCESS

Downloads

Full text (accepted version) (PDF, 384.64 KB)

Author / Producer

Paterson, Kenneth G.

Date

2023-07-10

Publication Type

Conference Paper, Conference Paper

ETH Bibliography

yes

Citations

Altmetric
OPEN ACCESS

Downloads

Full text (accepted version) (PDF, 384.64 KB)

Data

Rights / License

In Copyright - Non-Commercial Use Permitted north_east

Abstract

Telegram is a popular messenger with more than 550 million active users per month and with a large ecosystem of different clients. The wide adoption of Telegram by protestors relying on private and secure messaging provides motivation for developing a profound understanding of its cryptographic design and how this influences its security properties. Telegram has its own bespoke transport layer security protocol, MTProto 2.0. This protocol was recently subjected to a detailed study by Albrecht et al. (IEEE S&P 2022). They gave attacks on the protocol and its implementations, along with a security proof for a modified version of the protocol. We complement that study by analysing a range of third-party client implementations of MTProto 2.0. We report practical replay attacks for the Pyrogram, Telethon and GramJS clients, and a more theoretical timing attack against the MadelineProto client. We show how vulnerable third-party clients can affect the security of the entire ecosystem, including official clients. Our analysis reveals that many third-party clients fail to securely implement MTProto 2.0. We discuss the reasons for these failures, focussing on complications in the design of MTProto 2.0 that lead developers to omit security-critical features or to implement the protocol in an insecure manner. We also discuss changes that could be made to MTProto 2.0 to remedy this situation. Overall, our work highlights the cryptographic fragility of the Telegram ecosystem.

Permanent link

https://doi.org/10.3929/ethz-b-000620789

Publication status

published

External links

https://doi.org/10.1145/3579856.3582811 north_east

Editor

Liu, Joseph north_east Xiang, Yang north_east Nepal, Surya north_east

Book title

ASIA CCS '23: Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security

Journal / series

Volume

Pages / Article No.

328 - 341

Publisher

Association for Computing Machinery

Event

18th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2023)

Edition / version

Methods

Software

Geographic location

Date collected

Date created

Subject

Security and privacy; Security protocols; Web application security; Cryptanalysis and other attacks; Telegram; Timing side-channel; Reply attack; Encrypt-and-MAC

Organisational unit

09653 - Paterson, Kenneth / Paterson, Kenneth

Notes

Funding

Related publications and datasets

More

Show all metadata