
Two studies again question the security of Telegram

Telegram, along with WhatsApp, is one of the most popular instant messaging applications, and one of its main claims is usually the protection it offers users. That is precisely the point questioned in two studies presented at the RootedCON 2022 cybersecurity event, which also offer options to increase security.

Alfonso Muñoz, founder of CriptoCert, a company specialized in cryptography and data protection, and Pablo San Emeterio, head of Technical Evaluations in the New Markets department of Telefónica CyberTech, presented two investigations that aspire to break Telegram security myths at RootedCON 2022, held last March in Madrid.

WhatsApp and Telegram claim that they do not know the content of their users’ conversations thanks to end-to-end encryption. The first implemented it in 2016 and the second was created with this encryption.

Signal founder Moxie Marlinspike has in the past criticized Telegram for, in his words, keeping the information it collects from the user in plain text and not using end-to-end encryption (e2ee) by default, instead offering the possibility of creating ‘secret chats’, which use a “doubtful” e2ee protocol.

In his presentation at the cybersecurity conference, Muñoz explained, however, that most of the information and files exchanged on Telegram have only client-server encryption, which allows the application to know most of the information that is exchanged in it.

The speaker also referred to Telegram's so-called secret chats, which its server stores as encrypted files. This technique also allows the app to know data such as which people exchange these files, when they do so, and the files' size and name.

Within this context, the cryptography involved in communications in transit cannot be broken without the collaboration of the company. In this case, Muñoz points out that a large part of Telegram’s security is based on the trust placed in the platform itself.

POSSIBLE SOLUTIONS TO THE PROBLEM OF PRIVACY IN TELEGRAM

Muñoz acknowledges that, although there is no ideal solution to the problem of privacy from the point of view of cybersecurity, there is already a platform that allows comparing and evaluating which app is best suited to users based on their needs and specific geopolitical situation.

For his part, San Emeterio presented an additional protection measure that adds an extra layer of encryption by using introspection and dynamic instrumentation techniques, which allow modifying the behavior of applications and operating systems, in this case Telegram.

To do this, specific instrumentation code is injected into the running process of a program or application, without affecting the results of its execution, in order to monitor and analyze that process as it runs.

Source: Elcomercio
