0

TL;DR: Can:

  1. A random hacker access my telegram account by entering my phone number on the official web.telegram.org authentication portal and hijacking the SMS code they send? or

  2. A "telegram engineer" access my telegram account by changing a bit the system such that the SMS code is not sent over the GSM network but to his device?

Full question:

I am concerned about a very specific part of the telegram security protocol. I have read a lot of criticism about the protocol itself, but no answer to my question yet. I also know about the telegram security contests, but I know that they are bullshit because they will only tell telegram secure against KPA attacks.

Furthermore, I am not asking about secret chats, I know they are end-to-end encrypted.

I'm asking about the content of cloud-based chats, which is kept on telegram servers. The only article I have found about the topic is this one. It states:

Since without E2EE Cloud Chat data is theoretically accessible, we use a unique distributed infrastructure to protect it. Cloud Chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, local intruders or engineers can't access this data, and several court orders from different jurisdictions are required to force us to give up any of it.

Thanks to this structure, we can ensure that no single government or block of like-minded countries can intrude on people's privacy and freedom of expression. Telegram can be forced to give up data only if an issue is grave and universal enough to pass the scrutiny of several different legal systems around the world.

As a result, we have disclosed 0 bytes of user data to third parties, including governments, to this day.

I suppose that when I want to access my telegram account from a new device and an authentication token is sent to my other telegram device, this authentication mode is secure, not just in the sense that it cannot be seen by hackers. In fact, I can easily imagine a scenario where the telegram server generates a token that is sent to my device, and the telegram app on my device computes the 6-digit code using both the token and my very private key. In this way, a telegram employee can not access my account even if they know the token generated on the server. (I hope I made it clear on this point, I am not so sure.)

But, continuing the quote from the linked article:

If you are concerned about security in general, there are other important precautions you could take. Consider protecting your account by enabling 2-Step Verification and setting up a strong passcode to lock your app, then it won’t be possible to access your chats by stealing your device or even by intercepting your SMS code. You will find both options in ‘Settings’ under ‘Privacy and Security,’ ask me if you’d like more details.

Does that mean that if someone put my number into web.telegram.org and then intercept the SMS code they can just use it to log in to my account, pretending they are me?

I know that the SMS token only works with the keys generated by the device on which I am trying to access, but another possible attack scenario can be the following: a "telegram engineer" (I am not sure about how telegram employees are organized or structured) modifies the infrastructure a bit such that when a login is required, the token is not sent to me via SMS, but saved somewhere or such that it is sent to their device. Then they can enter my phone number in the official web.telegram.org web portal and log in as me.

Note that in these attacks it is not required to break any jurisdictions nor to access any encrypted database, just to use the existent official web login portal.

Improve this question

2 Answers 2

Reset to default
3

A "telegram engineer" access my telegram account

Short answer is that it's possible.

The simplest way would be for a telegram engineer to change the Telegram client to forward your password when it's entered. Then, Telegram can have bullet proof crypto, you can own the keys, their systems can be audited but the end-to-end system is under the control of Telegram: it's perfectly possibly for them to have a back door. It's perfectly possible for them to introduce a back door. They probably don't but, they could. If they change the client to capture and forward your password then it does not matter what crypto they use on the back end or in which jurisdictions they store the shards or if they also choose to send you an SMS code because your password is known.

Improve this answer
1
  • 3
    This is why open source matters with end-to-end encrypted messengers. Telegram is not exactly open source (they violate GPL by withholding the code for months), but many people like me use the open source version from F-Droid. It would be harder to backdoor that client. Most Android updates come through GPlay, so there you'd have to include the backdoor for everyone instead of just your target. Large risk that it is noticed. It's not as easy as you make it sound, plus we have defenses (like using the source code instead of the binary).
    – Luc
    Commented Aug 6, 2019 at 8:01
2

Does that mean that if someone put my number into web.telegram.org and then intercept the SMS code she can just use it to log in to my account, pretending she is me?

If you don't use 2-factor verification, then yes - that's absolutely possible. For that the attacker needs to know your phone number and have access to your device, as the phone number will be sent to the Telegram servers over encrypted channels. It's very unlike that an attacker would use something like an IMSI-catcher to intercept the SMS because they are relatively expensive - and there are usually cheaper and less elaborate ways to achieve the same.

But be aware that in that case - when an attacker already has gained some form of access to your device - a 2-factor verification, or even -authentication will most likely be useless as well if you use the same device. Therefore I always use a 'dumbphone' for all of my 2-factor SMS-verification, and can only recommend everyone to do the same. (Ofc. there is also the possibility of a MITM, but that is a general risk and not relevant here.)

...A "telegram engineer" (I am not sure about how telegram employees are organized or structured) modifies the infrastructure a bit such that when a login is required, the token is not sent to me via SMS, but saved somewhere or such that it is sent to her device.

You have to either trust in their software and assume that nobody can access the mechanisms involved in their SMS-verification, or use 2-factor verification.

Note that in these attacks it is not required to break any jurisdictions nor to access any encrypted database, just to use the existent official web login portal.

Consider the software (-modules...) they use for the SMS-verification mechanism also as being protected in some ways.

In conclusion: It is highly recommended to enable 2-step verification (with a secure password) and if you are being very cautios then use the phone call-verification instead of SMS-verification.

Improve this answer
1
  • 2
    It's usually easier to have someone who works on a phone company to transfer the victim number to a SIM card in the attacker's possession. Also possible is to use the voice message instead of SMS, and force it to go to the voice mail, which is usually protected by a weak PIN. This is what happened recently in Brazil in with high-profile case involving prosecutors.
    – Conrado
    Commented Aug 6, 2019 at 13:33

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .