- Kanye faces backlash for headlining Christian event with anti-LGBTQ leaders 4 Years Ago
- Why is Yennefer of Vengerberg so different in Netflix’s ‘The Witcher’? Today 10:00 AM
- Actress slammed for ‘acid attack-face’ TikTok challenge Today 9:46 AM
- ‘Weathering With You’ blends fantasy and realism in a magical love story Saturday 6:18 PM
- Kidnapped teen used Snapchat to get rescued Saturday 4:35 PM
- What fans do and don’t want to see in future ‘Far Cry’ installments Saturday 4:26 PM
- Aaron Carter accused of stealing lion art for merch Saturday 3:10 PM
- Instagram’s hidden like counts were inspired by a ‘Black Mirror’ episode Saturday 2:06 PM
- Student says they were expelled for tricking teacher into making inappropriate TikTok Saturday 12:26 PM
- Space Force uniforms relentlessly mocked, memed Saturday 10:52 AM
- Man flamed after admitting he called police on Target employee over a toothbrush Saturday 9:10 AM
- Netflix’s ‘Vivir Dos Veces’ searches for a last chance at first love Saturday 8:00 AM
- Camila Cabello must do more about her racist history Saturday 6:00 AM
- Instagram and Facebook are reportedly blocking queer ads Friday 8:58 PM
- Review: Tyler Perry’s ‘A Fall From Grace’ is both nonsensical and utterly predictable Friday 6:48 PM
Cryptography expert casts doubt on encryption in ISIS’ favorite messaging app
Jihadists continue to try to use the app despite its creators banning ISIS-related channels.
Telegram makes some pretty bold claims about the security of its application, but a cryptography expert said that the algorithm and methods that it uses to encrypt messages between users are “made up.”
“They basically made up a protocol,” Matthew Green, a professor of cryptography at Johns Hopkins University, told the Daily Dot. “According to their blog post, they have a couple of really brilliant mathematicians who aren’t really cryptographers but were smart so they came up with their own protocol. It’s pretty crazy. It’s not something that a cryptographer would use. That said, I don’t know if it’s broken. But, it’s just weird.”
In late 2013, Telegram boasted in a now-removed FAQ statement about the security of their application.
“Very secure. We are based on a new protocol, MTProto, built by our own specialists, employing time-tested security algorithms. At this moment, the biggest security threat to your Telegram messages is your mother reading over your shoulder. We took care of the rest.”
Green isn’t the only one weary of Telegram’s professed security. Security researcher Thaddeus Grugq, better known as “grugq,” wrote a brutal blog post on the subject.
“In summary,” he wrote, “Telegram is error prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn’t possibly think of a worse combination for a safe messenger. In short, for better protection, use anything else.”
So why would terrorists who are interested in hiding their communications from law enforcement use an app with such unreliable encryption, instead of a trusted app like Signal? The ability to broadcast propaganda, Green said.
“There’s all this talk about these terrorist groups using all this advanced encryption,” he said. “I don’t know that encryption is essentially the biggest problem here. I think these people are willing to use all types of techniques to hide their communications and encryption is just one tool that they use. but one of the things they really like is the ability to broadcast. They like to be able to coordinate and distribute propaganda. Telegram has this feature called channels. There are a bunch of jihadi channels that apparently are very popular among people that are affiliated with ISIS and so you have this app and they’re all using it to communicate, kind of like Facebook.”
Green said that the fact that Telegram’s encryption wasn’t developed by experts left “opportunities for things to go wrong.”
“I think you should use things made by people who are experts,” he said. “You know, because this kind of stuff boils down to the code. So if you come up with something that’s a little cooky but not obviously broken at the architecture level, then sooner or later you have people writing that down in code and there are a lot of opportunities for things to go wrong. You really want to make sure the person doing it knows what they’re doing.”
For now, it seems like jihadists will have trouble getting on to the app. Telegram on Wednesday finally began taking down groups and content related to ISIS. “Since we announced the news, we received dozens of more reports and are blocking confirmed ISIS public channels in real time,” co-founder Pavel Durov told the Daily Dot.
Photo via Diego Castano/Flickr (CC BY 2.0) | Remix by Max Fleishman
Once named one of Forbes’ 20 Under 20 and hired as a staff writer for the Daily Dot when he was still a senior in high school, William Turton is a rising tech reporter focusing on information security, hacking culture, and politics. Since leaving the Daily Dot in April 2016, his work has appeared on Gizmodo, the Outline, and Vice News Tonight on HBO.