- Tekashi 69 alleges Cardi B was a Bloods gang member 4 Years Ago
- Right-wing sites falsely claimed group of Somalis attacked man in viral video Today 5:00 PM
- Big creators risk losing checkmarks amid YouTube verification purge Today 4:56 PM
- How to stream Eagles vs. Lions in NFL Week 3 action Today 4:52 PM
- How to stream Steelers vs. 49ers in NFL Week 3 action Today 4:10 PM
- How to stream Bills vs. Bengals in NFL Week 3 action Today 4:03 PM
- Colt halts production of AR-15s for civilians Today 3:45 PM
- If you love long-winded, hashtag-heavy Instagram captions, these apps can help Today 2:54 PM
- Teen girls on TikTok have convinced the internet that they eat their tampons Today 2:33 PM
- Twitch streamer faces criticism for trying to defend racist jokes Today 2:03 PM
- How to stream Raiders vs. Vikings in Week 3 Today 12:55 PM
- NRA calls Beto O’Rourke ‘AR-15 salesman of the month’ in wake of buyback proposal Today 12:03 PM
- After 23 deaths, Sean Bean is tired of getting killed on-screen Today 11:48 AM
- Stephen Miller has a girlfriend—and people are stunned Today 11:35 AM
- Mickey Rourke says Robert De Niro iced him out of ‘The Irishman’ Today 11:07 AM
Cryptography expert casts doubt on encryption in ISIS’ favorite messaging app
Jihadists continue to try to use the app despite its creators banning ISIS-related channels.
Telegram makes some pretty bold claims about the security of its application, but a cryptography expert said that the algorithm and methods that it uses to encrypt messages between users are “made up.”
“They basically made up a protocol,” Matthew Green, a professor of cryptography at Johns Hopkins University, told the Daily Dot. “According to their blog post, they have a couple of really brilliant mathematicians who aren’t really cryptographers but were smart so they came up with their own protocol. It’s pretty crazy. It’s not something that a cryptographer would use. That said, I don’t know if it’s broken. But, it’s just weird.”
In late 2013, Telegram boasted in a now-removed FAQ statement about the security of their application.
“Very secure. We are based on a new protocol, MTProto, built by our own specialists, employing time-tested security algorithms. At this moment, the biggest security threat to your Telegram messages is your mother reading over your shoulder. We took care of the rest.”
Green isn’t the only one weary of Telegram’s professed security. Security researcher Thaddeus Grugq, better known as “grugq,” wrote a brutal blog post on the subject.
“In summary,” he wrote, “Telegram is error prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn’t possibly think of a worse combination for a safe messenger. In short, for better protection, use anything else.”
So why would terrorists who are interested in hiding their communications from law enforcement use an app with such unreliable encryption, instead of a trusted app like Signal? The ability to broadcast propaganda, Green said.
“There’s all this talk about these terrorist groups using all this advanced encryption,” he said. “I don’t know that encryption is essentially the biggest problem here. I think these people are willing to use all types of techniques to hide their communications and encryption is just one tool that they use. but one of the things they really like is the ability to broadcast. They like to be able to coordinate and distribute propaganda. Telegram has this feature called channels. There are a bunch of jihadi channels that apparently are very popular among people that are affiliated with ISIS and so you have this app and they’re all using it to communicate, kind of like Facebook.”
Green said that the fact that Telegram’s encryption wasn’t developed by experts left “opportunities for things to go wrong.”
“I think you should use things made by people who are experts,” he said. “You know, because this kind of stuff boils down to the code. So if you come up with something that’s a little cooky but not obviously broken at the architecture level, then sooner or later you have people writing that down in code and there are a lot of opportunities for things to go wrong. You really want to make sure the person doing it knows what they’re doing.”
For now, it seems like jihadists will have trouble getting on to the app. Telegram on Wednesday finally began taking down groups and content related to ISIS. “Since we announced the news, we received dozens of more reports and are blocking confirmed ISIS public channels in real time,” co-founder Pavel Durov told the Daily Dot.
Photo via Diego Castano/Flickr (CC BY 2.0) | Remix by Max Fleishman
Once named one of Forbes’ 20 Under 20 and hired as a staff writer for the Daily Dot when he was still a senior in high school, William Turton is a rising tech reporter focusing on information security, hacking culture, and politics. Since leaving the Daily Dot in April 2016, his work has appeared on Gizmodo, the Outline, and Vice News Tonight on HBO.