Last night, BuzzFeed published an unconfirmed intelligence report on President-elect Donald Trump’s ties with Russia, sending the political world into red alert. But as explosive as the Trump allegations were, there was one passage that was particularly interesting for cryptography buffs, concerning the popular Telegram chat app.
According to one of the report’s unidentified sources, the app may not be as secure as it seems:
An FSB [Russian secret service] cyber operative flagged up the ‘Telegram’ enciphered commercial system as having been of especial concern and therefore heavily targeted by the FSB, not least because it was used frequently by Russian internal political activists and oppositionists. His/her understanding was that the FSB now successfully had cracked this communications software and therefore it was no longer secure to use.
The report raised an alarming thought for Telegram users. Could Russia have an inside line to one of the most popular encrypted chat programs?
“We think the report is likely to be fake.”
Reached by The Verge, Telegram emphasized the vague and unconfirmed nature of the report. “We think the report is likely to be fake,” a Telegram representative said, “but if it is not, it probably refers to the story of SMS interception by FSB in April 2016 or a similar incident.”
Widely reported at the time, the April incident saw FSB agents intercepting login requests sent over SMS, then using those requests to hijack individual accounts. A similar attack was later discovered in Iran. While not a bug in Telegram’s encryption protocol, the attack is still a serious threat to Telegram users not using two-factor authentication.
There’s also good reason to doubt the accuracy of the leaked report. When the FBI investigated the allegations this summer, it found little evidence to support them. Some of the specific claims in the report have already been debunked, like an alleged meeting between Trump lawyer Michael Cohen and Russian leadership in Prague. Cohen was in Los Angeles when the meeting supposedly took place.
The allegations have triggered a new wave of skepticism against Telegram, which has often been criticized for relying on its own protocol rather than a more widely researched one. On Twitter, longtime Telegram critic Nadim Kobeissi laid out a new attack on the protocol, which he claims would allow a hostile party to reset Telegram’s forward secrecy protections. The resulting attack would require an attacker to compromise a Telegram server, so it’s not a full break of the underlying cryptography, but would still represent a serious weakness in the service.
Reached by The Verge, Telegram disputed the finding. “It's rather strange that Nadim Kobeissi decided not to contact us about this first, because his method will not work,” the representative said, pointing to the service’s “sequence numbers” function. “The server cannot just 'drop' any message.” On Twitter, Kobeissi disputed that sequence numbers would mitigate the attack, and defended his finding.
The allegation has already raised eyebrows among many in the community. As Johns Hopkins professor Matthew Green put it on Twitter, “if accurate, it’s bad.”
7:58PM ET: Updated with Kobeissi’s defense of his finding.