Why monitoring the most popular P2P messenger should be a cybersecurity priority


Telegram, a cloud-based encrypted communication platform, became an overnight sensation owing to a WhatsApp outage that occurred in 2018. Launched in 2013, the app had reached a user base of 400 million by April 2020. Its non-intrusive nature, in contrast to the likes of Facebook Messenger and WhatsApp, is another reason for its popularity.

However, over the years, the app and its developer Pavel Durov have also received their share of criticism. Telegram's anonymous, secure connection allows users to reach networks and websites that are selectively prohibited. Like other proxy servers and VPN services, Telegram is completely or partially banned in several countries that are unwilling to risk national security. Furthermore, the app is not as secure as it claims to be, and its security flaws have been a major cause of data leaks.

In Russia, a struggle between the Federal Security Service (FSB) and Telegram following the St. Petersburg bombing resulted in the application being banned in 2018. Pavel Durov refused to share the encrypted messages of the suicide bomber, who was apparently active on the messaging platform. A court ruled that the app remain banned until its developer agreed to hand over its data encryption keys to the authorities. Russian authorities failed to enforce the ban effectively and lifted it only recently.

In 2016, the records of 15 million Iranian users were leaked following a major data breach. Iranian hackers exploited security flaws in Telegram to compromise accounts; in particular, they compromised the SMS verification codes that are sent to users. This attack targeted Saudi royals, NATO officials, and even nuclear scientists.

In a more recent event, pro-democracy campaigners in Hong Kong coordinated their demonstrations against their government using Telegram. Although the app has been banned in the country since 2015, users found a way around it.

In Germany, the police launched a crackdown on criminals to prevent premeditated crimes. To do so, they needed only proprietary software to break into Telegram correspondence, which they did successfully for two years.


Why should you monitor Telegram for threats?

The anonymity associated with the app is a concern for regulators and governments, because it increases the odds that the app's features will be misused. This is why activity on Telegram should be monitored, for the following reasons:

Selective chat encryption

Although users tend to assume that all of their correspondence is encrypted and secure, the app requires you to change the settings to "activate" end-to-end encrypted chats. Most users are not aware of this.

Proprietary encryption

Telegram relies on symmetric encryption and uses the proprietary MTProto protocol, making it difficult for external cryptographers to audit its efficacy.

Exposes Metadata

Researchers have uncovered flaws in the app whereby an attacker can snoop on significant data about a user beyond their chats. For instance, the attacker can determine when the user is online and offline, which in turn could help them work out who the user is talking to. This is a rather serious flaw.

Breeding ground for illegal activities

In a 2016 report by MEMRI, Telegram was referred to as "the app of choice for many ISIS, pro-ISIS and other jihadi and terrorist elements." Terrorist organizations weaponize Telegram to disseminate hatred and misinformation. The anonymity the messaging app offers indirectly endorses criminal activities that are harmful to civilians and governments alike.

Corrupted files

Recent research from Symantec indicates that media files shared on WhatsApp and Telegram can be manipulated using malware. This security flaw, known as media file jacking, exists on Android devices. It allows attackers to intercept the process by which applications save media files to the device's storage.

Command and control

The 'Masad Clipper and Stealer' malware, which gives attackers access to users' personal information and cryptocurrency wallets, was sold via Telegram channels. A Telegram channel also served as a makeshift command and control server for the same malware.


CloudSEK's proprietary cyber threat monitoring platform XVigil gathers information from Internet Relay Chat (IRC) and chat rooms (for instance, Telegram channels). The platform then detects conversations that are intended to obtain information about your organisation and weaponize it against you. XVigil crawls various parts of the internet for mentions of your digital assets, so that you can take proactive measures to prevent external threats to your brand and infrastructure.
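The core of channel monitoring described above, watching chat-room messages for mentions of an organisation's digital assets, can be illustrated with a small Python example. This is an added example, not XVigil's or CloudSEK's code; the export layout it parses (a Telegram Desktop style `result.json` whose message `text` is a string or a list of strings and entity dicts) and the sample messages are constructed assumptions.

```python
import json
import re

# Constructed sample shaped like a Telegram Desktop chat export (result.json).
# The layout assumed here, a "messages" list whose "text" is either a string or
# a list mixing plain strings and entity dicts, is an assumption for this example.
SAMPLE_EXPORT = json.dumps({
    "name": "leaks-market (constructed)",
    "type": "public_channel",
    "messages": [
        {"id": 1, "date": "2020-04-01T10:02:11", "from": "seller01",
         "text": ["fresh data from ",
                  {"type": "link", "text": "https://portal.example-corp.com"},
                  " this week"]},
        {"id": 2, "date": "2020-04-01T10:05:40", "from": "buyer77",
         "text": "anyone got Example Corp vpn access? paying"},
        {"id": 3, "date": "2020-04-01T10:09:03", "from": "seller01",
         "text": "unrelated chatter about the weather"},
    ],
})

# Digital assets the organisation wants watched: brand names and domains (constructed).
WATCHED_ASSETS = ["Example Corp", "example-corp.com"]


def flatten_text(text):
    """Join a message's text, which may be a list of plain strings and entity dicts."""
    if isinstance(text, str):
        return text
    return "".join(p if isinstance(p, str) else p.get("text", "") for p in text)


def find_asset_mentions(export_json, assets):
    """Return one alert dict per message that mentions a watched asset (case-insensitive)."""
    export = json.loads(export_json)
    patterns = [(a, re.compile(re.escape(a), re.IGNORECASE)) for a in assets]
    alerts = []
    for msg in export.get("messages", []):
        body = flatten_text(msg.get("text", ""))
        hits = [name for name, pat in patterns if pat.search(body)]
        if hits:
            alerts.append({"channel": export.get("name"), "message_id": msg["id"],
                           "date": msg["date"], "from": msg.get("from"),
                           "assets": hits, "text": body})
    return alerts


if __name__ == "__main__":
    for alert in find_asset_mentions(SAMPLE_EXPORT, WATCHED_ASSETS):
        print(f"[{alert['date']}] msg {alert['message_id']} from {alert['from']}: "
              f"{alert['assets']} -> {alert['text']}")
```

Only the two messages that reference the watched brand or domain produce alerts; the link entity in the first message is matched because entity text is flattened into the message body before scanning.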

Prerit Prasad
Pre-sales Analyst, CloudSEK
He is a Pre-sales Analyst at CloudSEK. He obtained his master's degree in Cyber Security from the University of Hertfordshire, UK, in addition to an advanced degree in Business Administration from the Symbiosis Institute of Telecom Management (SITM) and a bachelor's degree in Information Technology. He has two years of experience in retail sales with Airtel. Prerit also writes fiction and songs.
CloudSEK is continuously analyzing the Surface, Deep and Dark web to identify the emerging threat indicators and trends. For real-time threats emerging against your organization or industry, you can request a demo for free.