Security Analysis Of The Telegram IM

Presented at DeepSec 2017 „Science First!“, Unknown date/time (Unknown duration)

Telegram is a popular instant messaging service, a self-described fast and secure solution. It introduces its own home-made cryptographic protocol MTProto instead of using already known solutions, which was criticised by a significant part of the cryptographic community. In this talk, we will briefly introduce the protocol and then present two major findings we discovered as part of our security analysis performed in late 2016. First, the undocumented obfuscation method Telegram uses, and second, a replay attack vulnerability we discovered. The analysis was mainly focused on the MTProto protocol and the Telegram's official client for Android.

Presenters:

• Josef Kokeš - Czech Technical University in Prague
  Tomas Susanka interested in computer security and cryptography, mostly trying to understand the world of applied cryptography - cryptographic protocols, instant messengers, sometimes cryptocurrencies.
• Tomas Susanka - Czech Technical University in Prague
  Tomas Susanka interested in computer security and cryptography, mostly trying to understand the world of applied cryptography - cryptographic protocols, instant messengers, sometimes cryptocurrencies.

Links:

• https://deepsec.net/archive/2017.deepsec.net/speaker.html#PSLOT341

Similar Presentations:

• Summercon 2016 / Not-so-secure Instant Messaging
• 33C3 (2016) / A look into the Mobile Messaging Black Box: A gentle introduction to mobile messaging and subsequent analysis of the Threema protocol.
• AppSec USA 2017 / Beyond End-to-End Encryption: Threats Models For Secure Messaging