Enciphering in Telegram
The overview of questions of data encryption in the Telegram messenger.
The main article about the messenger: Telegram
2019: Masking of traffic under the HTTPS protocol
On August 12, 2019 it became known that thanks to recent innovations Telegram traffic can mask under the HTTPS protocol now (TLS + HTTP/2.0) – for this purpose the prefix of a secret of "ee" was added to the code of the client. Also in additives to base16 (hex) there was an opportunity to cipher a secret in the proxy server address using base64.
For August, 2019 in Telegram own MTProto protocol which appeared about a year ago is used – then for it there was an official proxy. In MTProto there are no control headings allowing to identify it. However to reveal use of the protocol, and also the messenger, after all it is possible longwise packets. The matter is that at connection setup between the client and the proxy server there is an exchange of packets of a certain length, and during the work – packets of the same length. It gave to providers the chance to reveal Telegram traffic longwise of the packets transferred on MTProto.
For the solution of the above-stated problem for the purpose of masking of the protocol developers of the messenger added accidental byte to each packet. Nevertheless, this step affected compatibility because of what developers added a prefix of "dd" to a secret.
As Telegram traffic (thanks to what it is successfully blocked in Iran and China using the attacks of repeated reproduction) continued to issue use of MTProto, developers decided to implement in it a possibility of masking under other protocols. In particular, the additional layer of encapsulation over TCP was added, and now data as if "are wrapped" in the record TLS. Also was TLS handshake emulation is implemented[1].
2018
Vulnerability in data encryption
According to the message of December 13, 2018 researchers from Cisco Talos announced vulnerabilities in the popular messengers using enciphering. According to specialists, WhatsApp, Telegram and Signal it is possible to crack using side channel attacks. Read more here.
In the list of the 20 most protected messengers according to Artezio
Artezio analysis department (enters into LANIT group) published on November 26, 2018 the list of 20 messengers capable to provide the high level of privacy. The rating was according to the results of complex testing of programs, at the same time the quality of data encryption and reliability of information security tools were key criteria when forming final expert evaluation, representatives of Artezio reported TAdviser. Telegram was at the third place of the list. Read more here.
Telegram stores correspondence in not encrypted form
On October 31, 2018 it became known that Telegram in the version for desktops saves all correspondence of users on the hard drive without enciphering.
As the expert on security Nathaniel Suchy found out, Telegram uses database SQLite for storage of messages which is not really simple for reading, but which in general is deprived of enciphering. Having analyzed the "crude" data which are previously converted in a format, simpler for viewing, Suchy could find names and phone numbers which can be proassotsiirovat with each other. Even in this type information is difficult to be considered, however several specially written scripts were enough to isolate necessary data, reported century CNews.
The desktop version of Telegram offers password protection to prevent not authorized access to to the application. This option is not connected with enciphering, and at due ability the malefactor can reach chats users and read them. As approves the Bleeping Computer edition, all messages, regardless of that are sent to the general base, the "confidential" mode of correspondence or cloud "chats" is used.
CNews noted that Telegram Desktop does not support confidential chats as such, it is function it is available only in mobile clients. In the Secret Chat Telegram mode regularly ciphers messages and files of investments by transfer; in this mode the end-to-end enciphering excluding a possibility of interception and viewing contents of correspondence by the third party is used. However, at data exchange through a cloud (i.e., not directly), end-to-end enciphering is not used; developers claim that the encryption algorithm protecting channels the client-server and the server client is very reliable, and that correspondence remains in a cloud, the user has an opportunity to browse it from any device.
In the questionnaire of Telegram it is said that the problem with data recovery in the history of chats on the new device (in case of loss smartphone, for example) has no elegant solutions in a paradigm of end-to-end enciphering. At the same time reliable backup - basic function of any messenger for mass market. To solve this problem, some applications (WhatsApp and Viber, in particular) assume deshifruyemy backup copies that privacy their user puts under threat - even if they did not activate function of reserve preserving of data. Other applications in general refuse backup copies.
Further developers specify that they selected "the third way" in which chats are differentiated: when using "cloud" chats backup on client side is turned off, and when using the confidential mode users receive full control over data which storage for them is undesirable (in other words, backup copies remain locally).
The problem is in that, how exactly they remain: judging from the fact that Suish wrote, the storage method at least of a part of archives is far from safe.
"Unfortunately, the unwillingness of editors of media to understand parts of problems with security leads to the fact that readers cease to pay attention to them as a result. And when there are messages about these threats, the user can not attach them significance". |
It is possible, to tell that if a certain malefactor gets a non-authorized access to the computer of the victim, it already deprives of sense of a discussion about security of databases of Telegram, - as well as any other data. There is, however, a number of quite life situations when the message archive in Telegram can flow away on the party: for example, if before sale of the computer its data are deleted not irrevocably, and with an opportunity to recover them. Or the malefactor gets remote access to the computer of the victim (for example, the top manager) and he first of all is interested in his communications, including correspondence contents in Telegram. With such feature of Telegram can prevent the hacker to study these messages little, noted in CNews.
"On the one hand, to compromise correspondence of Telegram in this way, it will be required to crack the computer of the victim, to speak in that case about data security there is no sense at all. However scenarios when contents of correspondence of Telegram are of the greatest interest to potential malefactors, and its leak - the greatest threat to the victim are quite possible. Anyway, multilayer protection will be the most effective and if there is the minimum possibility of a compromise of confidential correspondence of Telegram, it should be eliminated". |
RKN asked to change the Telegram code for receiving encryption keys
Prior to blocking of Telegram FSB and Roskomnadzor within a year tried to convince of Russia company management of Telegram to change architecture of the messenger and to provide keys for decoding of correspondence of users. As consider in departments, the company has for this purpose a technical capability. The representative of Roskomnadzor reported about it in June, 2018 during consideration of the complaint of representatives of Telegram to the decision of Tagansky district court on blocking of service in Russia.
"FSB and Roskomnadzor within a year made attempts to induce Telegram to change architecture of the messenger. We consider that the structure of any messenger can be changed for reduction according to the Russian law. Therefore we consider that Telegram has technical capability to provide keys for decoding", - the statement of the representative of supervising service gives TASS. |
Russian-speaking hackers learned to steal correspondence from the desktop version of Telegram
According to the experts in security of Talos company who detected a problem in two weeks malefactors released two the malware attacking Telegram at once. The first stole login credentials and cookie files from the browser, the second learned to steal Telegram cache containing these correspondences, enciphering key files (and also login credentials to Steam). The malware uploads all these data on several accounts of pcloud.com service - and in not encrypted form[2].
The malefactor - and researchers with a high share of probability identified his personality - selected from quality of a target Telegram desktop version because it does not support the Secret Chats function (confidential chats) and has quite weak default settings. At the same time the malware does not attack any vulnerabilities, only architectural features are operated.
According to explanations of Telegram developers, confidential chats require existence of the permanent data warehouse on the device; at the moment this function is not supported on desktop and web versions. On them the maintenance of chats is tightened from a cloud and reset at shutdown of the client. Confidential chats are not stored in a cloud therefore they would disappear with each shutdown of the computer. At the same time the automatic razloginivaniye in a desktop version of Telegram is not implemented. The combination of these features is also used by a malware.
The former colleague of Durov disclosed the principle of enciphering of messages in Telegram
The former colleague of Pavel Durov, Anton Rosenberg, told in an interview to RT TV channel about the principles of enciphering of the messages which are used in the popular[3].
According to the expert, chats in the application are separated into cloud and confidential. In a case with confidential chats it is impossible to decrypt correspondence as enciphering of messages is end-to-end, i.e. it is performed only on devices of the sender and receiver.
"Telegram does not see message contents, only metadata. It is more reliable, but implementation in Telegram is not really convenient, confidential chats are available only from one device and therefore practically nobody uses them", - Rosenberg noted.
In turn messages in cloud chats are transferred at first to the Telegram servers then are decrypted using the MTProto protocol. In this case correspondence can be decrypted by administration of the messenger.
2016
The German police managed to hack accounts of users of Telegram
Staff of Federal agency of criminal police of Germany (BKA) for the last several years hacks accounts of users in the Telegram messenger. The authoritative edition Motherboard which published an interview with one of the staff of department[4] reported about it[5].
For the first time being considered as completely protected Telegram it was attacked by security officers in 2015. Then for the sake of it the special software which received the name Bundestrojaner was created. Then BKA was succeeded to get access to accounts, group chats and media files which sent each other using the messenger of 8 members of the ultranationalistic grouping planning a hostel arson for migrants.
According to the informer of Motherboard, access was got all in a few minutes after Bundestrojaner attack. 12 days later all members of the group were arrested, soon sentenced them to long terms of the conclusion.
According to the edition, referring to own sources, since then practice of cracking got accustomed: only in 2015 BKA got access to 32 accounts in Telegram, 12 more similar episodes belong to this year. All their owners were suspected or suspected of non-capital offenses: international terrorism, far right terrorism or espionage.
In spite of the fact that similar activity is to some extent regulated by the German legislation (the law granting the right of similar cracking was adopted in 2008), journalists of Motherboard assumed that the separate BKA methods nevertheless can be considered as illegal, abuse cases as Bundestrojaner which use was officially approved in 2016, and other software created on its basis can also take place.
At the same time, the programs used by criminal police of Germany can "read" messages only from not ciphered chats. Against end-to-end enciphering of BKA could think up nothing yet though the special group of programmers conducts over it work.
Creation of the modified versions of Bundestrojaner under specific objectives, according to the interlocutor of Motherboard, does not even require special skill, it is about change of one-two lines of the source code. Commands request resending codes of authentication, masking on remote devices under original Telegram.
Protocol of enciphering MTProto
For security the message of the messenger the MTProto protocol is created. He assumes use of several protocols of enciphering. At authorization and authentication algorithms RSA-2048, DH-2048 for enciphering are used, at transmission of messages of the protocol in network they are ciphered by AES with a key, to the famous client and the server. Are used also cryptographic a hash algorithms of SHA-1 and MD5.
Protection against interception of the sent messages from server side of Telegram is provided in the mode of "confidential" chats (Secret Chats) (it is available since October 8, 2013). In this mode enciphering at which only the sender and the receiver have the general key (end-to-end enciphering), using algorithm AES-256 in the IGE mode (engl. Infinite Garble Extension) for the sent messages is executed. Messages in confidential chats will not be decoded by the server, and the history of correspondence remains only on two devices, initiators of creation of a chat.
Notes
- ↑ Telegram Traffic can mask under the HTTPS protocol now
- ↑ Russian-speaking hackers learned to steal correspondence from Telegram
- ↑ messenger Telegram Former Colleague of Durov disclosed the principle of enciphering of messages in Telegram
- ↑ [http://www.cnews.ru/news/top/2017-12-19_nemetskoj_politsii_udalos_vzlomat_telegram of the German police
- ↑ it was succeeded to crack Telegram]