Encryption App Telegram Probably Isn't as Secure for Terrorists as ISIS Thinks

The debate around encryption and its use by extremists is reaching fever pitch. In particular, media reports have picked up on ISIS and other terrorist groups' open endorsements of the encrypted messaging app Telegram on propaganda sites and extremist magazines.

But some experts say that Telegram may not be as secure as its jihadi advocates may like to believe.

Telegram is a free app for iOS, Android, and Windows phones, and also has desktop versions. The app has a "Secret Chat" function, which allows users to send end-to-end encrypted messages, meaning that only the intended recipients should be able to read them.

In September, the company's founder Pavel Durov claimed that the platform is used to send 12 billion messages everyday, and confirmed that ISIS uses the app. A site publishing ISIS propaganda endorses Telegram, and the Al Qaeda-linked Global Islamic Media Front, a group that essentially rubber-stamps security software for jihadis, advocated the use of Telegram for secure communications in a magazine last month.

However, in a blog post published Wednesday, the operational security expert known as "the Grugq" laid out several problems with the chat app that might hinder a terrorist from using it to communicate securely or anonymously.

"Telegram is error prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn't possibly think of a worse combination for a safe messenger," he wrote.

Because terrorists face more sophisticated and resourceful adversaries than the average user—such as nation states—they have more to worry about when it comes to security.

The Grugq points out that Telegram requires a working phone number to register. But, he writes, "Users will make security mistakes and register with their personal mobile numbers." Indeed, another pseudonymous researcher, known as "Switched," tweeted an apparent thread from an ISIS forum where users had signed up for Telegram with their own phone numbers. Linking a personal phone number to a service risks creating a trail of breadcrumbs for investigators to follow.

Telegram then uploads the user's contacts database to its servers. "This allows Telegram to build a huge social network map of all the users and how they know each other," the Grugq writes—obviously a concern if you're trying to run a clandestine network.

Telegram's encrypted chat function is not enabled by default either: users have to select to start a "Secret Chat," and it is not possible to encrypt an existing chat. The Grugq says this might lead to mistakes result in jihadis sending unencrypted messages.

Some experts are also worried about the encryption that Telegram uses.

"It's not obviously broken. Just really nonstandard," Matthew Green, an assistant professor at Johns Hopkins University, told Motherboard in a Twitter message. "For me that's a red flag." Nonstandard cryptography has not been as widely vetted as more standard alternatives.

To be fair, Telegram has hosted a competition to break the app's encryption with a prize pool of $300,000, but no one claimed it.

Green also suggests that Telegram might be susceptible to a certain man-in-the-middle attack, whereby an attacker could swap a target's encryption key for their own to listen in on a conversation.

This is because Telegram's key verification method consists of complicated pictures of blue-coloured squares, rather than an alphanumeric code like most other apps.

"I think it might be possible for a man in the middle to tamper with the fingerprint such that it's close, but not quite the same. But would fool most people on casual comparison," he said.

Even if a jihadi did manage to get an encrypted conversation running, and was reasonably sure it wasn't being listened in on, the metadata created by that exchange still reveals a lot about the individual and his actions.

"Anything using a mobile phone exposes a wide range of metadata," the Grugq noted. "In addition to all the notification flows through Apple and Google's messaging services, there [are] the IP traffic flows to/from those servers, and the data on the Telegram servers." This could be swept up by government surveillance programmes. (This metadata leakage is not unique to Telegram and applies to some other encryption apps too.)

Telegram did not respond to a list of questions asked by Motherboard.