"New Research Shows Cryptographic Vulnerabilities on Popular Messaging Platform, Telegram"
Researchers from Royal Holloway, University of London (RHUL), are part of a team, which conducted a security analysis of the encryption protocol used by the popular Telegram messaging platform that is used by more than half a billion active users monthly. They discovered several cryptographic vulnerabilities in the protocol, ranging from technically minor and easy to exploit to more advanced. Results from the analysis showed that the immediate risk is low for most users, but the weaknesses emphasize that Telegram failed to meet the cryptographic guarantees made by other deployed cryptographic protocols such as Transport Layer Security (TLS). Telegram's 'MTProto' protocol, used to secure communication between the platform's users and servers, replaces the industry-standard TLS protocol. By default, Telegram provides a basic level of protection through the encryption of traffic between clients and servers. End-to-end encryption, which would also protect communication from Telegram employees or anyone who infiltrates Telegram's servers, is only optional and unavailable for group chats. The adoption and proper implementation of changes suggested by the research team can allow Telegram's MTProto to provide security comparable to TLS. According to the Telegram developers, these recommended changes have now been adopted. This article continues to discuss findings and suggestions from the security analysis of Telegram's encryption protocol.