Paper 2022/595

On the Cryptographic Fragility of the Telegram Ecosystem

Theo von Arx and Kenneth G. Paterson

Abstract

Telegram is a popular messenger with more than 550 million monthly active users and a large ecosystem of different clients. Telegram has its own bespoke transport layer security protocol, MTProto 2.0. This protocol was recently subjected to a detailed study by Albrecht et al. (IEEE S&P 2022). They gave attacks on the protocol and its implementations, along with a security proof for a modified version of the protocol. We complement that study by analysing a range of third-party client implementations of MTProto 2.0. We report practical replay attacks for the Pyrogram, Telethon and GramJS clients, and a more theoretical timing attack against the MadelineProto client. We show how vulnerable third-party clients can affect the security of the entire ecosystem, including official clients. Our analysis reveals that many third-party clients fail to securely implement MTProto 2.0. We discuss the reasons for these failures, focussing on complications in the design of MTProto 2.0 that lead developers to omit security-critical features or to implement the protocol in an insecure manner. We also discuss changes that could be made to MTProto 2.0 to remedy this situation. Overall, our work highlights the cryptographic fragility of the Telegram ecosystem.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
messaging, secure communication, attacks
Contact author(s)
kenny paterson @ inf ethz ch
theo vonarx @ inf ethz ch
History
2022-05-17: received
Short URL
https://ia.cr/2022/595
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/595,
      author = {Theo von Arx and Kenneth G.  Paterson},
      title = {On the Cryptographic Fragility of the Telegram Ecosystem},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/595},
      year = {2022},
      url = {https://eprint.iacr.org/2022/595}
}