Vulnerabilities discovered in Telegram encryption protocol

Vulnerabilities discovered in Telegram encryption protocol

A group of researchers from London recently revealed that they had discovered four cryptographic vulnerabilities in Telegram which has been quite popular for its encryption protocols to keep its users safe. The analysis was conducted on the use of symmetric cryptography in the Telegram’s own MTProto 2.0 protocol which is said to be their alterative to the TLS record protocol.

Telegram has over 500 million users, the vulnerabilities revealed do not impose immediate risk to its users but highlights the fact that the encryption protocols that are blindly trusted so far are not perfect for sure. The security analysis was conducted by the scientists from ETH Zurich and Royal Holloway, University of London.

…could be done better, more securely, and in a more trustworthy manner with a standard approach to cryptography.”

Kenny Paterson, ETH Zurich Professor

All of the details from this detailed security analysis was published in a paper, highlighting the four key vulnerabilities that were unearthed by them.

#1: the ‘crime-pizza’ vulnerability

The researchers revealed that an attacker on the network could manipulate the sequencing of the messages that are sent by the client to one of the Telegram’s cloud server that is operated globally. The risk and impact of this vulnerability is immense, the swapping with the sequencing of messages could lead to problems that we’re yet not ready for. For example, someone sending ‘live a better life, say no to drugs’ could turn into ‘say yes to drugs’ that would not only defame the client but might also end up in turning into an evidence for a crime they have not committed.

#2: ‘every bit of information is too much’

This vulnerability allows an attacker on the network to identify which of the two messages has been encrypted by the client or server. Usually, the cryptographic protocols should not give out such information.

#3: ‘adjust your clocks’ attack

The researchers analysed Telegram’s client applications: Desktop, iOS and Android. It was discovered that all of them consisted of a piece of code that allowed the attacker to recover some plaintext from encrypted messages. It definitely sounds alarming but this type of attack is unlikely to happen in practical because the attackers would need to send millions of specially crafted messages and then observe the delays in response time with messages getting delivered. This vulnerability for sure breaks the users trust that has been in the confidentiality maintained by Telegram. However, this attack being not that practical, the users are somewhat in a sigh of relief.

#4: ‘piggy in the middle’

The researchers discovered that an attacker can perform a Man-in-the-Middle attack(MITM) attack in which the attacker impersonates to the server at the stage of initial key negotiation hence taking over the whole communication that continues. Luckily, for this attack to be successful an attacker has to send billions of specially crafted messages to Telegram’s servers within minutes so it is very unlikely to be exploited in practical. However, it still proves that the trust we’ve put in the Telegram’s encryption protocols is pointless.


The Telegram has posted that it made changes following the researchers observations making these vulnerabilities irrelevant and not exploitable anymore. Moreover they mentioned that these vulnerabilities were not critical but has contributed towards improving their protocol’s security.

Apps like Telegram and Signal became quite popular when the people were concerned about their online safety and hence everybody started talking about ‘end-to-end encryption’. Telegram was responsible enough to have fixed such vulnerabilities quicker, even if the observations were said to be of low-impact — it still did pose a threat to the confidentiality and integrity of the Telegram’s cloud chats.

Have anything to say? Share it in comments.

Leave a Reply

Your email address will not be published. Required fields are marked *