New research shows cryptographic vulnerabilities on popular messaging platform, Telegram

Date: 16 July 2021

Researchers from Royal Holloway, University of London are part of a team who have completed a substantial security analysis of the encryption protocol used by the popular messaging platform, Telegram, with over half a billion monthly active users.

Cryptography is the science of protecting information from eavesdropping or tampering. We use it every day when we browse the web, make a bank transaction or chat on WhatsApp or Telegram. Cryptographers secure computer and information technology systems by creating and studying, for example, algorithms for encryption or for digital signatures.

As a result of their work, the researchers found several cryptographic weaknesses in the protocol that ranged from technically trivial and easy to exploit, to more advanced.

The team included Chair of Information Security and Director of the Cryptography Group, Professor Martin Albrecht and PhD researcher, Lenka Mareková, from the Information Security Group (ISG) at Royal Holloway, along with Professor Kenneth G. Paterson and Dr Igors Stepanovs, from the Applied Cryptography Group at ETH Zurich.

Talking about the findings, Professor Martin Albrecht said: “The results from our analysis show that for most users, the immediate risk is low, but these vulnerabilities highlight that prior to our work, Telegram fell short of the cryptographic guarantees given by other deployed cryptographic protocols such as Transport Layer Security (TLS).”

TLS is a cryptographic protocol designed to provide communications security over a computer network and is widely used in applications such as web browsing, instant messaging and email.

He added: “Our work was motivated by other research we have recently done in the Information Security Group at Royal Holloway, which examined the use of technology by participants in large-scale protests such as those seen in 2019/2020 in Hong Kong. Our findings were that protesters critically relied on Telegram to coordinate their activities, but that Telegram had not received a security check from cryptographers.”

Telegram uses its bespoke ‘MTProto’ protocol to secure communication between its users and its servers as a replacement for the industry standard TLS protocol.

By default, Telegram only offers a basic level of protection by encrypting traffic between clients and servers. In contrast, end-to-end encryption, which would protect communication also from the prying eyes of Telegram employees or anyone who breaks into Telegram's servers, is only optional and not available for group chats. Since prior research indicated that many users in higher risk environments rely on these group chats, the research team focussed their efforts on the use of MTProto to secure communication between Telegram clients and servers.

For more information on the vulnerabilities that were discovered, click here.

However, the results also show that Telegram’s MTProto can provide security comparable to TLS after the changes suggested by the research team were adopted and if special care is taken when implementing the protocol. The Telegram developers have told the research team that they have adopted these changes.

This good news comes with significant caveats:

  1. Cryptographic protocols like MTProto are built from cryptographic building blocks such as hash functions, block ciphers and public-key encryption. In a formal security analysis, the security of the protocol is reduced to the security of its building blocks. This is no different to arguing that a car is road safe if its tires, brakes and indicator lights are fully functional. In the case of Telegram, the security requirements on the building blocks are unusual and because of this, these requirements have not been studied in previous research. Other cryptographic protocols such as TLS do not have to rely on these special assumptions.
  2. The researchers only studied three official Telegram clients and no third-party clients. However, some of these third-party clients have substantial user bases. Here, the brittleness of the MTProto protocol is a cause for concern if the developers of these third-party clients are likely to make mistakes when implementing the protocol in a way that avoids, for example, the timing leaks mentioned above. Alternative design choices for MTProto would have made the task significantly easier for the developers.

For all results from the analysis, click here.
