Paper 2022/595
On the Cryptographic Fragility of the Telegram Ecosystem
Theo von Arx and Kenneth G. Paterson
Abstract
Telegram is a popular messenger with more than 550 million monthly active users and a large ecosystem of different clients. Telegram has its own bespoke transport layer security protocol, MTProto 2.0. This protocol was recently subjected to a detailed study by Albrecht et al. (IEEE S&P 2022). They gave attacks on the protocol and its implementations, along with a security proof for a modified version of the protocol. We complement that study by analysing a range of third-party client implementations of MTProto 2.0. We report practical replay attacks for the Pyrogram, Telethon and GramJS clients, and a more theoretical timing attack against the MadelineProto client. We show how vulnerable third-party clients can affect the security of the entire ecosystem, including official clients. Our analysis reveals that many third-party clients fail to securely implement MTProto 2.0. We discuss the reasons for these failures, focussing on complications in the design of MTProto 2.0 that lead developers to omit security-critical features or to implement the protocol in an insecure manner. We also discuss changes that could be made to MTProto 2.0 to remedy this situation. Overall, our work highlights the cryptographic fragility of the Telegram ecosystem.
Metadata
- Available format(s)
- Category
- Applications
- Publication info
- Preprint. MINOR revision.
- Keywords
- messagingsecure communicationattacks
- Contact author(s)
-
kenny paterson @ inf ethz ch
theo vonarx @ inf ethz ch - History
- 2022-05-17: received
- Short URL
- https://ia.cr/2022/595
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/595, author = {Theo von Arx and Kenneth G. Paterson}, title = {On the Cryptographic Fragility of the Telegram Ecosystem}, howpublished = {Cryptology {ePrint} Archive, Paper 2022/595}, year = {2022}, url = {https://eprint.iacr.org/2022/595} }