- Lawsuit alleges YouTube’s unboxing videos are ‘abusive’ ads aimed at kids Sunday 3:48 PM
- Dr. Dre shades Lori Loughlin with Instagram flex about his daughter getting into USC Sunday 3:13 PM
- University of Georgia frat’s racist Snapchat video draws campus outrage Sunday 1:21 PM
- Facing criticism for eating fish, vegan YouTube star Rawvana speaks out Sunday 10:47 AM
- Arnold Schwarzenegger chases mini-pony in new TikTok video Sunday 9:19 AM
- Review: ‘Sekiro: Shadows Die Twice’ is a cut above the rest Sunday 8:00 AM
- Where do 2020 Democratic candidates stand on healthcare? Sunday 7:30 AM
- How to (legally) stream live TV on Kodi Sunday 7:00 AM
- ‘Delhi Crime’ tackles inequality and women’s rights Sunday 7:00 AM
- How to watch the 2019 STP 500 at Martinsville Speedway for free Sunday 6:00 AM
- These high school theater kids put on a totally awesome ‘Alien’ play Saturday 3:59 PM
- Behold these photos of Elon Musk, but with Elizabeth Holmes’ eyes Saturday 3:11 PM
- Barbra Streisand gets ‘canceled’ over remarks about Michael Jackson’s alleged victims Saturday 2:09 PM
- Report: Florida man raped Texas teen after posing as Instagram celeb Saturday 12:14 PM
- Lori Loughlin’s daughters, Olivia and Isabella, could be banned from USC forever Saturday 11:46 AM
Cryptography expert casts doubt on encryption in ISIS’ favorite messaging app
Jihadists continue to try to use the app despite its creators banning ISIS-related channels.
Telegram makes some pretty bold claims about the security of its application, but a cryptography expert said that the algorithm and methods that it uses to encrypt messages between users are “made up.”
“They basically made up a protocol,” Matthew Green, a professor of cryptography at Johns Hopkins University, told the Daily Dot. “According to their blog post, they have a couple of really brilliant mathematicians who aren’t really cryptographers but were smart so they came up with their own protocol. It’s pretty crazy. It’s not something that a cryptographer would use. That said, I don’t know if it’s broken. But, it’s just weird.”
In late 2013, Telegram boasted in a now-removed FAQ statement about the security of their application.
“Very secure. We are based on a new protocol, MTProto, built by our own specialists, employing time-tested security algorithms. At this moment, the biggest security threat to your Telegram messages is your mother reading over your shoulder. We took care of the rest.”
Green isn’t the only one weary of Telegram’s professed security. Security researcher Thaddeus Grugq, better known as “grugq,” wrote a brutal blog post on the subject.
“In summary,” he wrote, “Telegram is error prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn’t possibly think of a worse combination for a safe messenger. In short, for better protection, use anything else.”
So why would terrorists who are interested in hiding their communications from law enforcement use an app with such unreliable encryption, instead of a trusted app like Signal? The ability to broadcast propaganda, Green said.
“There’s all this talk about these terrorist groups using all this advanced encryption,” he said. “I don’t know that encryption is essentially the biggest problem here. I think these people are willing to use all types of techniques to hide their communications and encryption is just one tool that they use. but one of the things they really like is the ability to broadcast. They like to be able to coordinate and distribute propaganda. Telegram has this feature called channels. There are a bunch of jihadi channels that apparently are very popular among people that are affiliated with ISIS and so you have this app and they’re all using it to communicate, kind of like Facebook.”
Green said that the fact that Telegram’s encryption wasn’t developed by experts left “opportunities for things to go wrong.”
“I think you should use things made by people who are experts,” he said. “You know, because this kind of stuff boils down to the code. So if you come up with something that’s a little cooky but not obviously broken at the architecture level, then sooner or later you have people writing that down in code and there are a lot of opportunities for things to go wrong. You really want to make sure the person doing it knows what they’re doing.”
For now, it seems like jihadists will have trouble getting on to the app. Telegram on Wednesday finally began taking down groups and content related to ISIS. “Since we announced the news, we received dozens of more reports and are blocking confirmed ISIS public channels in real time,” co-founder Pavel Durov told the Daily Dot.
Photo via Diego Castano/Flickr (CC BY 2.0) | Remix by Max Fleishman
Once named one of Forbes’ 20 Under 20 and hired as a staff writer for the Daily Dot when he was still a senior in high school, William Turton is a rising tech reporter focusing on information security, hacking culture, and politics. Since leaving the Daily Dot in April 2016, his work has appeared on Gizmodo, the Outline, and Vice News Tonight on HBO.