- Here’s what’s coming and going on Hulu in August 2019 Today 7:00 AM
- ‘Game of Thrones’ creators drop out of Comic-Con at last minute Today 6:38 AM
- Inside Britt McHenry’s war on women Today 6:30 AM
- The glorious highs and unexpected quirks of 4K streaming Today 6:00 AM
- Southwest Airlines passengers receive free Nintendo Switch consoles and Mario Maker 2 Wednesday 9:10 PM
- The Deplorable Choir drops diss track aimed at 4 congresswomen from Trump’s racist tweets Wednesday 8:09 PM
- Florida city is pushing homeless people out by playing ‘Baby Shark’ on a loop Wednesday 7:27 PM
- A ‘Gossip Girl’ reboot is coming to HBO Max–and fans are not happy with the casting details Wednesday 6:44 PM
- Beto can’t leverage his slave owner ancestry to gain Black voters’ trust Wednesday 5:51 PM
- Oakland to become the third U.S. city to ban facial recognition Wednesday 5:50 PM
- ‘Release the Snyder Cut’ billboards pop up outside of San Diego Comic-Con Wednesday 5:24 PM
- Iggy Azalea and Peppa Pig have an epic Twitter fight Wednesday 4:39 PM
- Should you be concerned about your privacy on FaceApp? Wednesday 4:15 PM
- Google ‘terminates’ Dragonfly, its censored search engine for China Wednesday 3:33 PM
- AOC rips Facebook during Libra House hearing Wednesday 3:14 PM
Cryptography expert casts doubt on encryption in ISIS’ favorite messaging app
Jihadists continue to try to use the app despite its creators banning ISIS-related channels.
Telegram makes some pretty bold claims about the security of its application, but a cryptography expert said that the algorithm and methods that it uses to encrypt messages between users are “made up.”
“They basically made up a protocol,” Matthew Green, a professor of cryptography at Johns Hopkins University, told the Daily Dot. “According to their blog post, they have a couple of really brilliant mathematicians who aren’t really cryptographers but were smart so they came up with their own protocol. It’s pretty crazy. It’s not something that a cryptographer would use. That said, I don’t know if it’s broken. But, it’s just weird.”
In late 2013, Telegram boasted in a now-removed FAQ statement about the security of their application.
“Very secure. We are based on a new protocol, MTProto, built by our own specialists, employing time-tested security algorithms. At this moment, the biggest security threat to your Telegram messages is your mother reading over your shoulder. We took care of the rest.”
Green isn’t the only one weary of Telegram’s professed security. Security researcher Thaddeus Grugq, better known as “grugq,” wrote a brutal blog post on the subject.
“In summary,” he wrote, “Telegram is error prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn’t possibly think of a worse combination for a safe messenger. In short, for better protection, use anything else.”
So why would terrorists who are interested in hiding their communications from law enforcement use an app with such unreliable encryption, instead of a trusted app like Signal? The ability to broadcast propaganda, Green said.
“There’s all this talk about these terrorist groups using all this advanced encryption,” he said. “I don’t know that encryption is essentially the biggest problem here. I think these people are willing to use all types of techniques to hide their communications and encryption is just one tool that they use. but one of the things they really like is the ability to broadcast. They like to be able to coordinate and distribute propaganda. Telegram has this feature called channels. There are a bunch of jihadi channels that apparently are very popular among people that are affiliated with ISIS and so you have this app and they’re all using it to communicate, kind of like Facebook.”
Green said that the fact that Telegram’s encryption wasn’t developed by experts left “opportunities for things to go wrong.”
“I think you should use things made by people who are experts,” he said. “You know, because this kind of stuff boils down to the code. So if you come up with something that’s a little cooky but not obviously broken at the architecture level, then sooner or later you have people writing that down in code and there are a lot of opportunities for things to go wrong. You really want to make sure the person doing it knows what they’re doing.”
For now, it seems like jihadists will have trouble getting on to the app. Telegram on Wednesday finally began taking down groups and content related to ISIS. “Since we announced the news, we received dozens of more reports and are blocking confirmed ISIS public channels in real time,” co-founder Pavel Durov told the Daily Dot.
Photo via Diego Castano/Flickr (CC BY 2.0) | Remix by Max Fleishman
Once named one of Forbes’ 20 Under 20 and hired as a staff writer for the Daily Dot when he was still a senior in high school, William Turton is a rising tech reporter focusing on information security, hacking culture, and politics. Since leaving the Daily Dot in April 2016, his work has appeared on Gizmodo, the Outline, and Vice News Tonight on HBO.