An international research team of cryptographers completed a detailed security analysis of the popular Telegram messaging platform, identifying several weaknesses in its protocol that demonstrate the product falls short of some essential data security guarantees.

Working with only open-source code and without "attacking" any of Telegram's running systems, a small team of international researchers completed a detailed analysis of the company's encryption services. Scientists from ETH Zurich and Royal Holloway, University of London exposed several cryptographic protocol weaknesses on the popular messaging platform. For most of its 570 million users, the immediate risk is low, but the vulnerabilities highlight that Telegram's proprietary system falls short of the security guarantees enjoyed by other, widely deployed cryptographic protocols such as Transport Layer Security (TLS). ETH Zurich Professor Kenny Paterson indicates that the analysis revealed four key issues that "...could be done better, more securely, and in a more trustworthy manner with a standard approach to cryptography."

- First, the "crime-pizza" vulnerability. Researchers assessed that the most significant vulnerabilities relate to the ability of an attacker on the network to manipulate the sequencing of messages coming from a client to one of the cloud servers that Telegram operates globally. Imagine the potential damage that could occur in swapping the sequence of messages.