MTProto Has Since Been Patched
Security researchers identified flaws in messaging app Telegram’s cryptographic protocol, MTProto, that enabled intruders to access encrypted chats and alter the messages. Those flaws have since been patched in updates.
An academic study from researchers at University of London, Royal Holloway, and Applied Cryptography Group at research university ETH Zurich, states that Telegram’s MTProto, which provides end-to-end encryption for messages sent over the platform, was susceptible to hacking via four cryptographic vulnerabilities.
These flaws could have enabled attackers to alter the sequences of the messages sent, identify encrypted messages of a client or a server, recover some plaintext from encrypted messages and wage man-in-the-middle attacks to impersonate the server to the client.
The report notes these flaws, which range from “trivial and easy-to-exploit” to “more advanced,” affect Telegram Android version 7.8.1, version 7.8.3 for iOS and 2.8.8 for Telegram Desktop.
Telegram, which was notified of the flaws in April, patched the vulnerabilities as part of its regular updates, the report notes.
“We were informed by the Telegram developers that they do not do security or bug fix releases except for immediate post-release crash fixes,” the researchers note. “The development team also informed us that they did not wish to issue security advisories at the time of patching, nor commit to release dates for specific fixes. As a consequence, the fixes were rolled out as part of regular Telegram updates.”
The four cryptographic flaws in MTProto were:
- Message alteration: This trivial flaw enabled an attacker to change the order of the messages coming from a client to the server.
- Identifying encrypted messages: This flaw arose from Telegram’s message acknowledgement feature, which notifies the sender that the previous message was received by the recipient. It resulted in leaking of the acknowledgement, allowing intruders to detect which of two special messages was encrypted by a client or a server. Although attacks using the flaw are highly unlikely, the researchers note cryptographic protocols should be designed to prevent such leaks.
- Retrieving plain text: This flaw allows attackers to access some part of the message in plaintext by sending crafted messages to the target. If the flaw was successfully exploited, it could have led to a compromise the confidentiality of Telegram messages.
- Man-in-the-middle attack: This severe flaw allowed attackers to impersonate the server. But an exploit was unlikely because hackers would have had to send millions of messages to the target to wage an effective attack.
“A further caveat of these findings is that we only studied three official Telegram clients and no third-party clients. However, some of these third-party clients have substantial user bases,” the report notes. “Here, the brittleness of the MTProto protocol is a cause for concern if the developers of these third-party clients are likely to make mistakes in implementing the protocol in a way that avoids, e.g. the timing leaks mentioned above. Alternative design choices for MTProto would have made the task significantly easier for the developers.”
Other Telegram Issues
In February, researchers at security firm Cofence discovered a phishing campaign that attempted to steal victims’ credentials by abusing the Telegram messaging app’s API to create malicious domains for bypassing email gateways (see: Fraudsters Using Telegram API to Harvest Credentials).
In September 2020, security firm Malwarebytes found that some fraudsters had started using Telegram as a way to sweep up payment card data from victims using Base64 encoding strings in conjunction with a bot (see: Fraudsters Use Telegram App to Steal Payment Card Data).