
Not So Secret Messages

 4 years ago
source link: https://www.hackerfactor.com/blog/index.php?%2Farchives%2F872-Not-So-Secret-Messages_html=

There are many different encrypted chat systems, like WhatsApp, Viber, Jabber, Wickr, and Signal. While each has their trade-offs, they all have useful niches. Regardless of the choice, there are three main areas where each uses encryption.

First, there's the data transfer from your computer (or mobile device) to the service. Many of these secure chat services rely on TLS. TLS (or SSL, as those of us older folks still call it) has some serious weaknesses. TLS is "better than nothing" security, but only slightly better. In particular, it only protects the hop to the service: the service terminates the TLS session and sees whatever is inside it unless the application adds its own end-to-end encryption on top.

Second, there's the relaying of the data. If you are strictly doing direct, one-to-one communications, then it's easy to have end-to-end encryption. However, group chats require the data to be encrypted separately for each recipient. With most of these systems, the data is securely encrypted between your device and the server. Then the server needs to decrypt and re-encrypt the data in order to pass it on to each recipient. This means that there is a small window where the plaintext could be intercepted by the server admins. (A client can avoid this by doing the per-recipient encryption itself before anything leaves the device, but that costs bandwidth and not every system does it.)

If the server doesn't store anything, then the data is ephemeral. Data comes in, is decrypted, and then re-encrypted per user. A moment later, it's gone. Someone with a search warrant couldn't acquire the data because it's no longer there.

Some servers do store data. This way, you can connect and retrieve your undelivered messages. The best servers encrypt the data using your account's public key. Someone with a search warrant could get a copy of the encrypted data, but they could not decode it.

And finally, there is the issue of how data is stored on your local computer. If any data is stored locally, then it could be unencrypted, encrypted with a key that is also stored locally, or encrypted with a key derived from a PIN or passphrase that you enter. Only the last case resists someone with physical access to the device: in the other two, whoever can read the files can also read (or skip) the key, so they can recover the data.

Of all of the chat systems that I've looked at so far, only one completely failed all three of these criteria: Telegram.

Telegram: Network Security

Starting with the network connectivity: Telegram uses strong encryption between the client's device and their server. Normally, I would give them high marks for this. However, they operate as a trojan protocol.

HTTPS is a well-defined protocol. It is HTTP over TLS and it uses TCP on port 443. Anything using port 443/tcp should be speaking TLS. Anything using 443/tcp without TLS is a trojan protocol: it uses a well-known port but doesn't speak the well-known protocol, and it picks that port precisely because most firewalls let 443/tcp through unexamined. Telegram uses its own encryption protocol (MTProto) over 443/tcp.

Telegram also always connects to their own servers (149.154.160.0/20).

So let's consider a commercial organization that doesn't permit people to use personal secure chat programs at work. (This is really common for companies that worry about corporate espionage or someone passing corporate confidential information outside the company. If you want private chats, then step outside and do it on your own time.) These companies have a couple of options. First, they can simply block 149.154.160.0/20 at the firewall; this completely cuts off connectivity to Telegram. Second, they can use deep packet inspection: if the first client payload on a 443/tcp connection does not start with a TLS record header carrying a ClientHello, then they know it's a trojan protocol and they can kill the connection (e.g., send a TCP RST or silently drop it). Either way, the firewall log also gives them the internal IP address of the employee who is violating the corporate policy.

Although Telegram encrypts the communication, it is trivial to detect the traffic, block access, and identify the offending user.
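To make that DPI rule concrete, here is an added example of my own (not code from the original post, not a vendor's product) showing the two checks a firewall would apply to a new flow: is the destination inside 149.154.160.0/20, and does the first client payload on 443/tcp look like a TLS ClientHello. The sample payloads and addresses are constructed for illustration; the opaque payload is just bytes that do not form a TLS record, not a claim about any particular protocol's framing.

```python
"""First-packet check for "trojan protocols" on 443/tcp.

Added example, not code from the original post. A flow to 443/tcp whose first
client payload is not a TLS ClientHello is flagged; a flow to the Telegram
range named in the post is flagged regardless of payload.
"""
import ipaddress

TELEGRAM_NET = ipaddress.ip_network("149.154.160.0/20")  # range named in the post

# Constructed first packet of a TLS 1.2 ClientHello: record header (16 03 01 00 c4),
# handshake header (01 00 00 c0), client_version 03 03, then zero padding for the
# rest of the 192-byte handshake body.
TLS_HELLO = bytes.fromhex("16030100c4" "010000c0" "0303") + bytes(190)

# Constructed opaque payload: something sent to 443/tcp that is not a TLS record.
OPAQUE = bytes.fromhex("a1b2c3d400000000deadbeef") + bytes(52)


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """True if the bytes begin a TLS record that carries a ClientHello.

    Record layout: type(1)=0x16 handshake, version(2)=0x03 0x01..0x03, length(2);
    then the handshake header: msg_type(1)=0x01 ClientHello, length(3).
    """
    if len(payload) < 9:
        return False
    if payload[0] != 0x16:                                   # content type: handshake
        return False
    if payload[1] != 0x03 or payload[2] not in (0x01, 0x02, 0x03):
        return False                                         # record version 3.1..3.3
    rec_len = int.from_bytes(payload[3:5], "big")
    if rec_len == 0 or rec_len > 16384 + 2048:               # max TLS record size
        return False
    if payload[5] != 0x01:                                   # handshake type: ClientHello
        return False
    hs_len = int.from_bytes(payload[6:9], "big")
    # The handshake message (4-byte header + body) must fit inside this record;
    # a ClientHello spanning records is legal but practically never seen.
    return hs_len + 4 <= rec_len


def classify_flow(src: str, dst: str, dport: int, first_payload: bytes) -> str:
    """Verdict for one client->server flow, in the order a firewall would test."""
    if ipaddress.ip_address(dst) in TELEGRAM_NET:
        return f"block: {src} -> {dst} is inside {TELEGRAM_NET}"
    if dport == 443 and not looks_like_tls_client_hello(first_payload):
        return f"block: {src} -> {dst}:443 first packet is not a TLS ClientHello"
    return "allow"


if __name__ == "__main__":
    # Constructed flows: a normal HTTPS client, a non-TLS client on 443, a Telegram client.
    for flow in [("10.0.0.5", "203.0.113.10", 443, TLS_HELLO),
                 ("10.0.0.5", "203.0.113.10", 443, OPAQUE),
                 ("10.0.0.5", "149.154.161.14", 443, TLS_HELLO)]:
        print(classify_flow(*flow))
```

The ClientHello test is a first-line heuristic: it catches a client that makes no attempt to look like TLS, which is the case the post describes, but a client that deliberately imitates a ClientHello would pass it, so a production DPI engine validates the rest of the handshake (SNI, certificate, cipher negotiation) before trusting the flow. The address check has no such weakness, which is why blocking the range is the simpler control.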

Telegram: Server Storage and Encryption

While I was using Telegram with a packet sniffer (Wireshark), I noticed some interesting data transfers. While I was typing, there would be no network activity. But if I paused while typing, then after 3-5 seconds there would be a transfer from my Telegram client to the server. They seem to be transferring my text to their server. I thought that this could be related to saving a draft message, except that drafts appear to be saved on the local file system (more about that in the next section).

But it gets worse: If I type a URL, then during the pause there would be a brief pop-up that says "Getting Link Info...". Since I own my own web server, I added in a URL to a non-existing web page on my site. This allowed me to see the request in the web logs:


149.154.161.14 - - [09/Mar/2020:14:10:22 -0600] "GET /NEAL-TEST HTTP/1.1" 301 5 "-" "TelegramBot (like TwitterBot)"

149.154.161.13 - - [09/Mar/2020:14:10:24 -0600] "GET /NEAL-TEST?abcd HTTP/1.1" 301 5 "-" "TelegramBot (like TwitterBot)"

149.154.161.5 - - [09/Mar/2020:14:10:47 -0600] "GET /NEAL-TEST?abcde HTTP/1.1" 301 5 "-" "TelegramBot (like TwitterBot)"

149.154.161.2 - - [09/Mar/2020:14:11:53 -0600] "GET /NEAL-TEST?abcdef HTTP/1.1" 301 5 "-" "TelegramBot (like TwitterBot)"

These logs show the few seconds of pause and the Telegram servers (addresses inside 149.154.160.0/20) retrieving the web page. So the URL that I was typing in my draft message (never sent by me since I was still composing the message) went from my Telegram client to the Telegram servers. Moreover, the server did a 'GET' and not a 'HEAD' request. ('HEAD' only checks whether a URL exists and returns the headers. 'GET' retrieves the full page and, on a carelessly written site, can trigger side effects.) Note also that each fetch came from a different address and that every request carried the same User-Agent, "TelegramBot (like TwitterBot)", so they are easy to pick out of a log.

This tells me that the data is transferred using encryption to their servers. However, then the server decrypts it and accesses the raw, unencrypted text.

But it doesn't end there... If, after a few minutes, I edit the unsent URL and go back to a URL that it previously checked (e.g., going from "NEAL-TEST?abcde" back to "NEAL-TEST?abcd"), then I see the same burst of data from my client to the server but the server never checks the URL. This tells me that the Telegram servers are caching the results. Closing the Telegram client and restarting it does not clear the cache (the server is caching the results, not the client), and redoing the check hours later doesn't recheck the URL. This means that someone with a search warrant could get a copy of your clear-text data.
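If you run a web server and want to know whether Telegram is previewing links that mention your site, the fetches above are easy to pick out. Here is an added example (my own code, not from the original post) that parses Apache/nginx "combined" log lines, keeps only requests from 149.154.160.0/20 whose User-Agent announces TelegramBot, and reports the gaps between successive fetches of the same path, which are the typing pauses described above. The sample log embeds the four lines shown earlier plus one constructed ordinary visitor line so the filter has something to exclude.

```python
"""Find link-preview fetches by Telegram's servers in a web access log.

Added example, not code from the original post. Works on Apache/nginx
"combined" format lines.
"""
import ipaddress
import re
from datetime import datetime

TELEGRAM_NET = ipaddress.ip_network("149.154.160.0/20")

# Apache "combined" log format: ip ident user [ts] "method path proto" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The post's four log lines, plus one constructed line from an unrelated visitor.
SAMPLE_LOG = """\
149.154.161.14 - - [09/Mar/2020:14:10:22 -0600] "GET /NEAL-TEST HTTP/1.1" 301 5 "-" "TelegramBot (like TwitterBot)"
149.154.161.13 - - [09/Mar/2020:14:10:24 -0600] "GET /NEAL-TEST?abcd HTTP/1.1" 301 5 "-" "TelegramBot (like TwitterBot)"
203.0.113.7 - - [09/Mar/2020:14:10:30 -0600] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
149.154.161.5 - - [09/Mar/2020:14:10:47 -0600] "GET /NEAL-TEST?abcde HTTP/1.1" 301 5 "-" "TelegramBot (like TwitterBot)"
149.154.161.2 - - [09/Mar/2020:14:11:53 -0600] "GET /NEAL-TEST?abcdef HTTP/1.1" 301 5 "-" "TelegramBot (like TwitterBot)"
"""


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it doesn't parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
    d["status"] = int(d["status"])
    return d


def telegram_fetches(log_text):
    """Parsed entries whose source is in Telegram's range and whose UA says TelegramBot."""
    out = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if ipaddress.ip_address(e["ip"]) in TELEGRAM_NET and "TelegramBot" in e["ua"]:
            out.append(e)
    return out


def fetch_gaps(entries):
    """Seconds between consecutive Telegram fetches, i.e. the typing pauses."""
    return [int((b["ts"] - a["ts"]).total_seconds()) for a, b in zip(entries, entries[1:])]


def summarize(log_text):
    """(paths Telegram fetched, distinct methods used, gaps in seconds between fetches)."""
    ents = telegram_fetches(log_text)
    return [e["path"] for e in ents], sorted({e["method"] for e in ents}), fetch_gaps(ents)


if __name__ == "__main__":
    paths, methods, gaps = summarize(SAMPLE_LOG)
    for p in paths:
        print("Telegram fetched", p)
    print("methods:", methods, "gaps (s):", gaps)
```

On the post's own four lines this reports the paths in order, confirms that every request was a GET, and gives pauses of 2, 23 and 66 seconds between fetches. Matching on the address range rather than the User-Agent alone matters: a User-Agent string is trivially forged, whereas a source address inside Telegram's announced range is not something a random crawler can supply.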

Telegram: Local Storage and Encryption

On my local computer, Telegram stores a bunch of encrypted files. (I'm using a Mac and the files are in "~/Library/Containers/org.telegram.desktop/Data/Library/Application Support/Telegram Desktop/tdata".) They look like binary files and most of them start with "TDEF", denoting a Telegram Data Encrypted File .

The local directory also contains a "log.txt", which records in plain text the last time I ran Telegram. (This can be really useful to a forensic examiner if you use a backup system and have a history of these log files.)

For the encrypted files, I can associate the timestamps with my tests. For example, sending chats results in relatively small cached files, one per chat. One day I transmitted a picture. This corresponded with a TDEF file that is larger than plain text (it stored my test picture). This means that someone can look at my computer and learn exactly when I used Telegram. Moreover, they can use the file size to approximate how it was used (small TDEF files for text, medium for pictures, and large for audio or video).
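The timeline a forensic examiner would build from this takes about a screen of code, even without decrypting anything. Here is an added example of mine (not code from the original post or from Telegram) that walks a tdata directory, keeps the files whose first four bytes are the "TDEF" magic mentioned above, and lists them by modification time with a rough size class. The size thresholds are my assumption; the post only says small, medium and large. So that it runs offline, the block builds a constructed stand-in directory with dummy TDEF files; point scan_tdata() at the real directory to use it for real.

```python
"""Usage timeline from Telegram Desktop's tdata directory, without decryption.

Added example, not code from the original post or from Telegram. Only the
"TDEF" magic comes from the post; file names, sizes and thresholds below are
constructed or assumed.
"""
import os
import tempfile
from datetime import datetime, timezone

TDEF_MAGIC = b"TDEF"

# Assumed size classes (upper bound, label); the post gives only small/medium/large.
SIZE_CLASSES = ((4 * 1024, "text"), (512 * 1024, "picture"), (float("inf"), "audio/video"))


def size_class(n):
    """Map a file size in bytes to the assumed usage class."""
    for limit, label in SIZE_CLASSES:
        if n < limit:
            return label


def is_tdef(path):
    """True if the file starts with the TDEF magic."""
    try:
        with open(path, "rb") as f:
            return f.read(4) == TDEF_MAGIC
    except OSError:
        return False


def scan_tdata(root):
    """Return [(mtime_utc, relpath, size, class)] for TDEF files, oldest first."""
    rows = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if not is_tdef(p):          # skips log.txt and anything else unencrypted
                continue
            st = os.stat(p)
            rows.append((datetime.fromtimestamp(st.st_mtime, timezone.utc),
                         os.path.relpath(p, root), st.st_size, size_class(st.st_size)))
    rows.sort()
    return rows


def make_sample_tdata():
    """Constructed stand-in for a tdata directory; not real Telegram data."""
    root = tempfile.mkdtemp(prefix="tdata-demo-")
    os.makedirs(os.path.join(root, "cache"))
    base = 1583784000  # 2020-03-09 20:00:00 UTC, the day of the post's log lines
    samples = [("chat_a", 800, base), ("chat_b", 1200, base + 300),
               ("cache/media_1", 180_000, base + 600), ("cache/media_2", 2_500_000, base + 900)]
    for rel, size, mtime in samples:
        p = os.path.join(root, rel)
        with open(p, "wb") as f:
            f.write(TDEF_MAGIC + os.urandom(size - 4))   # magic + opaque body
        os.utime(p, (mtime, mtime))
    with open(os.path.join(root, "log.txt"), "w") as f:
        f.write("constructed plain-text log line\n")     # not TDEF, must be skipped
    return root


if __name__ == "__main__":
    for when, rel, size, cls in scan_tdata(make_sample_tdata()):
        print(f"{when.isoformat()}  {size:>9}  {cls:<11}  {rel}")
```

Run against a real tdata directory this gives the same thing the post describes: when the client was used, and roughly for what, without touching a single key. Combine it with the plain-text log.txt and with any backups of the directory and the history stretches back as far as the backups do.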

Since the data is stored locally, the question becomes: how easy is it to decrypt? As it turns out, it's not too difficult, since the keys needed to unlock the files are stored right next to them. Over at GitHub, there's a tool called telegram-desktop-decrypt that can decode text, images, and videos from the local files. There is also TelegramStorageParser and other tools for decrypting the local files. In other words, the data may be encrypted, but it is readily decipherable by anyone with access to the local files.

Over at Medium, there's an interesting observation from 2018. According to Evgeniy Lazarev , Telegram has a setting to remove cache files but doesn't obey the setting. You may think that you are deleting old files from the local file system, but you're not really. Fortunately, he provided a quick script for forcefully deleting these files. (I haven't tested whether this is still the case since my cache isn't very large, but I do have an old cache that it doesn't seem to delete.) This means that your computer may store chats, images, and other sensitive content going back years.

Do Not Use

These "secure" chat tools are supposed to allow you to send encrypted messages. Most of them work as expected, even if they have some quirks. However, Telegram appears to receive, store, and cache the unencrypted messages on their servers. They access confidential URLs and cache URL results. Moreover, they store "encrypted" files on the local device that are readily decipherable.

Then again, what do you expect from a "secure" chat platform that is funded by a Russian oligarch and a former Russian cabinet minister? Seriously: Don't use Telegram.

