- The new ‘Cats’ trailer is here to make you want to claw your eyes out Thursday 7:59 PM
- Bella Thorne claims Tana Mongeau ‘broke girl code’ in a series of messy tweets Thursday 7:00 PM
- Redditors keep this data engineer’s plants alive for him Thursday 5:20 PM
- Professor writes article defending ‘Asian romantic preference’—and no one is here for it Thursday 4:57 PM
- Ditch Pornhub and support adult content creators instead Thursday 4:46 PM
- Fans grieve Kyoto Animation Studio fire with #PrayforKyoAni Thursday 4:18 PM
- Netflix’s ‘Secret Obsession’ isn’t just terrible—it’s boring as hell Thursday 3:30 PM
- Instagram expands experiment of hiding likes to 6 more countries Thursday 3:20 PM
- Man asks woman to stop speaking Spanish on a plane—and bystanders start speaking Spanish Thursday 12:55 PM
- Schumer calls on FBI, FTC to investigate FaceApp Thursday 12:41 PM
- Netflix loses subscribers—but hopes some tentpole shows can save it Thursday 12:10 PM
- Man utterly roasted for saying women can’t ask for equality in revealing clothing Thursday 12:07 PM
- Instagram struggles to remove photos of Bianca Devins’ dead body Thursday 11:14 AM
- ‘Storm Area 51’ creator says its gotten so big he’s worried about the FBI Thursday 10:49 AM
- Everyone loves Q baby, the baby who apparently supports QAnon Thursday 9:53 AM
Cryptography expert casts doubt on encryption in ISIS’ favorite messaging app
Jihadists continue to try to use the app despite its creators banning ISIS-related channels.
Telegram makes some pretty bold claims about the security of its application, but a cryptography expert said that the algorithm and methods that it uses to encrypt messages between users are “made up.”
“They basically made up a protocol,” Matthew Green, a professor of cryptography at Johns Hopkins University, told the Daily Dot. “According to their blog post, they have a couple of really brilliant mathematicians who aren’t really cryptographers but were smart so they came up with their own protocol. It’s pretty crazy. It’s not something that a cryptographer would use. That said, I don’t know if it’s broken. But, it’s just weird.”
In late 2013, Telegram boasted in a now-removed FAQ statement about the security of their application.
“Very secure. We are based on a new protocol, MTProto, built by our own specialists, employing time-tested security algorithms. At this moment, the biggest security threat to your Telegram messages is your mother reading over your shoulder. We took care of the rest.”
Green isn’t the only one weary of Telegram’s professed security. Security researcher Thaddeus Grugq, better known as “grugq,” wrote a brutal blog post on the subject.
“In summary,” he wrote, “Telegram is error prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn’t possibly think of a worse combination for a safe messenger. In short, for better protection, use anything else.”
So why would terrorists who are interested in hiding their communications from law enforcement use an app with such unreliable encryption, instead of a trusted app like Signal? The ability to broadcast propaganda, Green said.
“There’s all this talk about these terrorist groups using all this advanced encryption,” he said. “I don’t know that encryption is essentially the biggest problem here. I think these people are willing to use all types of techniques to hide their communications and encryption is just one tool that they use. but one of the things they really like is the ability to broadcast. They like to be able to coordinate and distribute propaganda. Telegram has this feature called channels. There are a bunch of jihadi channels that apparently are very popular among people that are affiliated with ISIS and so you have this app and they’re all using it to communicate, kind of like Facebook.”
Green said that the fact that Telegram’s encryption wasn’t developed by experts left “opportunities for things to go wrong.”
“I think you should use things made by people who are experts,” he said. “You know, because this kind of stuff boils down to the code. So if you come up with something that’s a little cooky but not obviously broken at the architecture level, then sooner or later you have people writing that down in code and there are a lot of opportunities for things to go wrong. You really want to make sure the person doing it knows what they’re doing.”
For now, it seems like jihadists will have trouble getting on to the app. Telegram on Wednesday finally began taking down groups and content related to ISIS. “Since we announced the news, we received dozens of more reports and are blocking confirmed ISIS public channels in real time,” co-founder Pavel Durov told the Daily Dot.
Photo via Diego Castano/Flickr (CC BY 2.0) | Remix by Max Fleishman
Once named one of Forbes’ 20 Under 20 and hired as a staff writer for the Daily Dot when he was still a senior in high school, William Turton is a rising tech reporter focusing on information security, hacking culture, and politics. Since leaving the Daily Dot in April 2016, his work has appeared on Gizmodo, the Outline, and Vice News Tonight on HBO.