By now, you’ve probably heard of Telegram Messenger, the chat and messaging app developed by the founders of VK, Russia’s largest social network. Its icon, a paper airplane on a blue background, symbolizes freedom of communication– Telegram was launched in August 2013 during the NSA hacking scandal, when Edward Snowden, now in exile in Russia, revealed the agency’s secrets.
Telegram is also available for Windows thanks to Telegram for Desktop
When Telegram was released, there were other secure messaging apps, but none of them were easy to use. Telegram copied WhatsApp’s appearance and functions, adding their own safety features along with the ability to use external apps to chat from a browser or desktop. It became apparent that users could have the same experience using Telegram as they did using WhatsApp, but without the dangers. At this point, many security-minded users decided to switch to Telegram, but when Facebook bought Whatapp last week, its popularity went through the roof. Now, it’s one of the most popular apps on Google Play.
Telegram Messenger is now one of the most popular apps in Google Play
To learn more about its level of security, we contacted Markus Ra from Telegram to get all the details. Of course, we wanted a second opinion, so we also contacted some of the best computer security experts around: Lorenzo Martínez, Chema Alonso and Geoffroy Couprie.
Telegram is like WhatsApp, but with additional security
On the left, Telegram; on the right, WhatsApp. If nothing else, they certainly look similar.
If we look at Telegram’s appearance and functions, it seems like an almost perfect clone of WhatsApp: you can send text messages, pictures and emoticons from your phone or PC. What really makes Telegram different, however, are its security features: messages are heavily encrypted, you can open secret chats, and messages can be destroyed after a few seconds. These are features that WhatsApp doesn’t offer, and Telegram has included them with a team of only 10 developers.
“The idea behind Telegram is to bring something more secure to the masses, who understand nothing about security and want none of it. Being merely secure is not enough to achieve this — you also need to be fast, powerful and user friendly.” – Markus Ra (Telegram)
“The main reason behind Telegram’s success is WhatsApp’s safety deficiencies. WhatsApp didn’t stop to think about security right from the beginning. Telegram at least tried.” – Lorenzo Martínez
Telegram developers believe the app to be so secure, that they’ve promised a $200,000 reward to the person capable of breaking their encrypted algorithm, which is a protocol designed from scratch by a team of mathematicians While the competition will close March 2014, it’s already had a positive impact: it’s helped discover a potential vulnerability that has already been fixed.
“We don’t know how many have tried, but we know that nobody has succeeded so far. The practical task of the contest — deciphering intercepted real-time Telegram traffic — has not yet been achieved. But the contest proved very useful in attracting attention from security specialists worldwide. Thanks to this we learned about theoretical threats outside the scope of the contest and modified our systems accordingly in December.” – Markus Ra (Telegram)
According to experts like Moxie Marlinspike, however, the conditions of the challenge set by Telegram are so complicated, that it would work for other messaging services, even WhatsApp. In another analysis, Geoffroy Couprie dismantled several of the security claims made by Telegram, revealing potential weaknesses in the application.
In this time of uncertainty and governmental surveillance, an app that puts safety above everything else could dethrone WhatsApp. Now that Telegram’s security is being questioned, however, can we even trust it? Is it really safer than WhatsApp?
On paper, Telegram’s security is very good
Telegram’s security is all about storing the bare minimum. It only stores the data it needs to work properly, like a phone number and profile picture. Secret chats are not stored anywhere, and are sent directly to the recipient. Normal chats are stored on Telegram’s servers, but they’re encrypted, and not even the company’s employees can access them. Even further, when all participants delete a chat, the information disappears.
“A conversation will be stored while it’s part of someone’s chat. When you delete the conversation, it disappears forever. To delete an account implies that all messages, contacts and credentials are removed from our servers, forever.” – Markus Ra (Telegram)
Even thought it’s a non-commercial project, Telegram’s infrastructure is distributed worldwide in data centers in places as diverse as London and Singapore. It’s a flexible, distributed network in which all data is stored with strong encryption to prevent local intrusions or stop the authorities from accessing them. That’s why the authors state that Telegram is “NSA proof”, although with a few exceptions.
“Telegram is no more than a step in the endless march against surveillance. The information revealed by Snowden seems to show that operating systems – iOS or Android – could have a backdoor. So right now, no app can be considered 100% NSA proof.” – Markus Ra (Telegram)
It seems, however, that operating systems aren’t the only things in danger. According to Geoffroy Couprie, someone who accessed the server could alter or analyze the encrypted messages. Two months ago, a user identified a vulnerability that could make a basic attack possible (which Telegram fixed in just two days). “This happened because Telegram uses its own architecture instead of following accepted practices. Who knows what else might be hiding in their protocol?“, Couprie told us.
A custom data protocol: bold but easy to understand
It might have been because they didn’t trust other protocols, or maybe because they wanted to be innovative, but Telegram uses its own encryption system. It’s called MTProto, and it took a team of Russian mathematicians several years to develop. Right from the start, Telegram developers were looking for something that was “really fast”, but could also protect conversations with an encryption system that not even the army could break.
“There are countless ways to implement strong encryption; there is no absolute truth. We use classic and tested algorithms instead of what the NSA recommends. The solutions we use come from a time when bandwidth and fast processors were rare.” – Markus Ra (Telegram)
Creating an encryption protocol from scratch is considered a very dangerous solution from a cryptographic point of view, and known and proven techniques are usually preferred. Similar systems to those that Telegram is using, such as OTR, have been developed and tested for longer. A new protocol could result in unpleasant surprises for those who are using it for confidential communication.
But Telegram disagrees. According to its developers, MTProto is a solid protocol.
“The weak spots of these algorithms are known and have been used for decades. But we have combined the algorithms in such a way that we believe that no known attack could be successful. The worst thing that experts have said about our encryption is that it’s unusual and that they can only understand it after it has been explained in detail.” – Markus Ra (Telegram)
Geoffroy Couprie believes that, even though “it’s not a bad thing”, the creation of a new protocol has led Telegram to ignore those that already exist, such as the OTR protocol used by many messaging applications to increase their security. “If someone creates a new protocol from scratch,” says Couprie, “it should solve problems that have not been resolved before. And that’s not the case with Telegram’s protocol”.
Diagram of the security protocol used by Telegram Messenger (source)
Contrastingly, other experts see Telegram’s efforts as something positive. Such is the case for Lorenzo Martínez. According to him, it makes sense to create a new protocol after the NSA scandal made us doubt previous systems, especially if Russians – America’s and the NSA’s antagonists par excellence – are behind it. Chema Alonso also shares this point of view: “Their implementation is new, perhaps to avoid the possible existence of bugs introduced to make their decryption easier.”
Careful, non-official apps could be a risk
With its open architecture, Telegram makes it easy for others to develop unofficial apps. There are apps for Windows, Mac and other platforms– there’s even a Telegram client that can be used on Linux CLI– but these apps are developed by third parties and, since they are not as tightly controlled as the official one, could be vulnerable to security holes.
An example of the risks of using third-party apps is Webogram, a unofficial Telegram web-client that has become very popular. Unfortunately, a tiny flaw was detected a few weeks ago. With a very simple trick, the titles of other conversations could be seen without authorization. “A minor vulnerability”, according to Telegram developers, who insist that transparency is key to solve any future issue.
“As in case of any software (Microsoft, Apple, Facebook, Silent Circle), bugs and all kinds of issues may occur in Telegram applications. Our contests, bug bounties and the open source community ensure that issues are detected and fixed early and do not harm Telegram users.” – Markus Ra (Telegram)
That’s true for Telegram, but it might not be the case for unofficial applications. According to Lorenzo Martínez, “we could all encounter a false Telegram“, and the only way to be safe is to be careful with unofficial apps. Telegram, on the other hand, has published the security guidelines that all applications must follow to be considered safe. Allegedly, the apps mentioned in their site follow these guidelines, but others might not.
Telegram: “If you don’t trust us, use the secret chats”
Telegram is much more transparent than WhatsApp or other popular messaging apps. The source code is available for inspection, and the servers’ code might also be published soon, although it “won’t be very useful for now,” they add.
“Telegram is a unified cloud service, so creating forks where two users might end up on two different Telegram clouds is unacceptable. To enable you to run your own Telegram server is a task in itself, and this task is not easily accomplished without sacrificing speed and security. We are undecided on whether we should go that way or not, but in any case we will publish the server code eventually.” – Markus Ra (Telegram)
When asked about the advantages and risks of publishing the servers’ source code, Telegram told us it “won’t add much to the trust topic,” since no one ensures that the executed code is the code shown in the source. “That is why we have secret chats, something you can trust even if you don’t trust us. And to make sure that the key used is actually unknown to the server, you can compare the key images: if they are the same, there has been no manipulation”.
If the key image is the same on both telephones, the secret chat is safe
Telegram is more secure than other apps, but it’s not perfect
What we know so far suggests that Telegram is safer than WhatsApp, LINE and other popular apps. If you take precautions, such as making sure that no one has physical access to your phone, and if you avoid using unofficial apps, it’s much harder for someone to intercept and decode your chats. Of course, if someone gets physical access to the phone, Telegram’s security is useless.
“The app has some limitations, and if anyone has local access to the terminal, they could use a system like Telegram Anti-Delete Protection Tool to prevent messages from being deleted and to recover them in the future, like a keylogger.” – Chema Alonso
Lorenzo Martínez, on the other hand, defends Telegram’s intentions: “It is safer than other apps. That doesn’t mean it’s completely safe. That would be a bold statement. But they started working with the idea of making a secure app.” In short, Telegram’s security isn’t perfect because perfection is impossible to achieve, especially in a field like computer security, where skepticism is standard.
What do the experts use and recommend
Driven by curiosity, we wanted to ask the experts what apps they normally use to chat, along with which apps they recommend when it comes to secure chatting. Lorenzo Martínez admits that he uses WhatsApp because “everyone uses it”, but he is giving Telegram a chance because “they think about security by default and they can still improve.”
Geoffroy Couprie’s position is very different. He prefers TextSecure for SMS and OTR for everything else. In his opinion, you have to use systems that are known, developed by experts, and have been audited for a long time. “Once you’ve chosen the app you’re using,” he adds, “test how the secure communications are established, how the identities are verified, and how they find out about security issues. Those things may not be well documented, so don’t hesitate to ask the app’s developers.”
Interestingly enough, it’s Telegram who seems to offer the wisest advice: “Remember that security is what you do, not what you use. Telegram can give you a reasonable grade of security against snooping criminals, officials, system administrators or telecom workers, especially if you use Secret Chats, preferably with self-destructing messages. But ultimately it comes down to you. And we can’t protect you from your own mother, if she takes your phone and reads your messages (unless they self-destruct before she gets to them).”
Our favorite piece of advice, though, comes from Chema Alonso: “To talk about important things, I usually swim 300 feet from the shore with no more than swim shorts on.”
Do you think Telegram is a secure app?