Audit of Telegram Encryption Points to Poor Security
An audit of Telegram’s public source code reveals flaws in the company’s proprietary encryption protocol MTProto. The protocol is said to be less secure than existing encryption methods whose security has been proven.
The source code audit of the popular chat app was conducted in February 2015, and the results have now been published. The researchers, from the University of Aarhus in Denmark, conclude that MTProto, the encryption protocol Telegram wrote itself, does not meet the requirements of IND-CCA. This stands for indistinguishability under chosen-ciphertext attack, and in this case it means that an attacker can convert an encrypted message into another, different encrypted message.
When this second message is decrypted, the same original text appears again. The advantage for the attacker is that this can yield information about the encryption method. The attack can be countered by using authenticated encryption, which can identify incorrectly encrypted text and so makes a chosen-ciphertext attack impossible.
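The property described above, shown as an added example (not code from the audit or from Telegram): a constructed toy scheme, not MTProto, whose integrity check skips the padding accepts a modified ciphertext that decrypts to the same text, while encrypt-then-MAC rejects it. The SHA-256 counter-mode keystream, the message layout and all function names are assumptions made for the demonstration.

```python
import hashlib, hmac, os

BLOCK = 16

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher for this demo only: SHA-256 in counter mode.
    out = b""
    for i in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def weak_encrypt(key: bytes, msg: bytes) -> bytes:
    # The digest covers only the message; the random padding is never checked.
    body = len(msg).to_bytes(2, "big") + hashlib.sha256(msg).digest() + msg
    body += os.urandom(-len(body) % BLOCK or BLOCK)  # 1..16 padding bytes
    nonce = os.urandom(16)
    return nonce + xor(body, keystream(key, nonce, len(body)))

def weak_decrypt(key: bytes, ct: bytes) -> bytes:
    nonce, enc = ct[:16], ct[16:]
    body = xor(enc, keystream(key, nonce, len(enc)))
    n = int.from_bytes(body[:2], "big")
    digest, msg = body[2:34], body[34:34 + n]
    if len(msg) != n or not hmac.compare_digest(digest, hashlib.sha256(msg).digest()):
        raise ValueError("integrity check failed")
    return msg  # padding bytes are discarded without inspection

def aead_encrypt(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers every byte of the ciphertext.
    ct = weak_encrypt(enc_key, msg)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def aead_decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return weak_decrypt(enc_key, ct)

def flip_byte(data: bytes, offset_from_end: int = 1) -> bytes:
    # Simulates one ciphertext byte altered in transit.
    i = len(data) - offset_from_end
    return data[:i] + bytes([data[i] ^ 1]) + data[i + 1:]
```

Flipping the final byte of a `weak_encrypt` output yields a different ciphertext that `weak_decrypt` still accepts with the original text, whereas the same change to an `aead_encrypt` output raises `ValueError` before any decryption happens.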
The researchers say this is a theoretical attack and that they believe there is no way to carry out an attack that retrieves the plaintext, or clear text, of a message. They argue, however, that the findings raise questions about MTProto’s security, since alternative encryption protocols exist that can provide better security. It is not the first time that MTProto’s encryption has come under fire. The researchers presented their findings to Telegram in September 2015. They recommend not releasing a patch for MTProto, but opting instead for a better solution based on a properly implemented form of authenticated encryption.