With $1.7 billion in the bank following its initial coin offering (ICO), Telegram has released its first crypto-friendly feature – but security researchers are skeptical.
As detailed in a blog post published today, Virgil Security, a U.S.-based startup, has identified several weaknesses in the new identity verification app, called Passport. While the company praised Telegram for publishing the application’s API as open source, allowing the code to be checked by other experts, Virgil Security detailed two problems with the app: how it encrypts data and how it protects stored data.
“Their commitment to openness gives security practitioners the opportunity to review their implementation and, ideally, help improve it,” Virgil Security’s Alexey Ermishkin wrote on the company’s blog, adding:
“Unfortunately Passport’s security disappoints in several key ways.”
Telegram has never publicly announced or verified the existence of its billion-dollar ICO. But as documents started to leak earlier this year, it became clear that the company, more widely known for its chat app, aimed to compete with many of the services – from filesharing to encrypted browsing – that crypto startups had already proposed.
Plus, it wanted to bring blockchain-based payments to the Telegram chat app, which in recent years has become popular among the crypto community.
Payments and identity verification go hand-in-hand, making Passport a natural early offering from the company. Plus, disrupting the digital ID incumbents like Equifax, which keep data in centralized databases vulnerable to breach and abuse, has long been a shared goal of the cryptocurrency community, so it’s a fitting place for Telegram to start.
In its blog post about the new product, Telegram promises that “your identity documents and personal data will be stored in the Telegram cloud using end-to-end encryption. It is encrypted with a password that only you know, so Telegram has no access to the data you store in your Telegram passport.”
It goes on to promise that, eventually, this data will be stored in a decentralized fashion. Identity was one of the components of the ambitious blockchain-based system that Telegram promised in its ICO technical whitepaper.
But from the looks of Virgil Security’s findings, Telegram needs to go back to the drawing board.
Virgil Security’s chief critique of Passport’s security is the way it hashes passwords.
In announcing Passport, Telegram released a considerable amount of information about how the system works. In particular, Virgil Security focuses on the fact that Telegram uses SHA-512 to hash passwords.
“It’s 2018 and one top-level GPU can brute-force check about 1.5 billion SHA-512 hashes per second,” they write.
The post goes on to estimate that with enough computers, these passwords could be busted for anywhere from $135 to $5 each, depending on the strength of the passwords users chose.
However, before an attacker could begin its attack, it would need to first breach Telegram itself, as Virgil acknowledges.
“To access the password hashes, the attack would have to be internal to Telegram. The ways that could happen are numerous — insider threat, spearphish, one rogue USB stick, etc,” Virgil Security co-founder Dmitry Dain told CoinDesk.
And if lots of users begin using and in turn loading this data into Telegram’s Passport, it will make the company a very attractive target.
Telegram has long been criticized for taking its own approach to cryptography, rather than relying on established standards. That said, Telegram’s model has not been known to have been broken so far.
The other danger to users Virgil Security critiques is a bit more nuanced: the fact that the data uploaded to Passport isn’t signed.
By cryptographically signing data (an integral part of blockchain architecture broadly), users can quickly verify the data was loaded there by the person who claimed to have loaded it and it hasn’t been changed.
Without a cryptographic signature, an attacker could change some part of the data and no one would know.
The Virgil Security post argues:
“Now, when people see ‘end-to-end encrypted,’ they believe that their data will safely be sent to a third party without worries of it being decrypted or tampered with. Unfortunately, Passport users will have a false sense of confidence.”
Yet, with Virgil Security’s critiques and the newness of the product, it should be relatively simple for Telegram to harden its security (Virgil Security is one provider of end-to-end encryption).
Telegram did not immediately reply to a request for comment.
Research: Telegram Passport Is Vulnerable to Brute Force Attacks
The recently released personal identification authorization tool Telegram Passport from messenger app Telegram is vulnerable to brute force attacks, according to an Aug. 1 report by cryptographic software and services developer Virgil Security, Inc.
On July 26, Telegram announced the launch of Telegram Passport, designed to encrypt users’ personal ID information and let them share their ID data with third parties such as initial coin offerings (ICOs), crypto wallets, and anyone complying with know your customer (KYC) regulations.
Users’ data is kept on the Telegram cloud using end-to-end encryption and is subsequently moved to a decentralized cloud, which cannot decrypt personal data as it is seen as “random noise.” However, in their recent research Virgil Security raised concerns about password protection in the service.
According to Virgil Security, Telegram uses SHA-512, a hashing algorithm that is not meant to hash passwords. This algorithm reportedly leaves passwords vulnerable to brute force attacks, even if it’s salted. In cryptography, a salt is random data added as an extra secret value to the end of the input, which extends the length of the original password, providing some additional protection.
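An added example (not from Virgil Security's report or Telegram's code) that puts a single salted SHA-512 pass beside a memory-hard KDF and measures what each costs per guess, using the 1.5 billion hashes per second figure quoted in the report. The `salt || password` layout, the scrypt parameters and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

GPU_SHA512_RATE = 1.5e9  # SHA-512 hashes/second on one GPU, as quoted in the report

def sha512_salted(password: str, salt: bytes) -> bytes:
    # Simplified single-pass salted SHA-512 (assumed layout: salt || password).
    return hashlib.sha512(salt + password.encode()).digest()

def scrypt_derive(password: str, salt: bytes) -> bytes:
    # Memory-hard KDF: with these parameters each guess needs about 16 MiB of RAM.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)

def verify(password: str, salt: bytes, stored: bytes, derive=scrypt_derive) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(derive(password, salt), stored)

def seconds_to_exhaust(alphabet_size: int, length: int,
                       rate: float = GPU_SHA512_RATE) -> float:
    # Worst-case time to try every password of exactly `length` characters.
    return alphabet_size ** length / rate

def cost_per_guess(derive, rounds: int) -> float:
    # Average wall-clock seconds for one derivation on this machine.
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        derive(f"guess-{i}", salt)
    return (time.perf_counter() - start) / rounds

def slowdown_factor() -> float:
    # How many times more work one scrypt guess is than one SHA-512 guess here.
    return cost_per_guess(scrypt_derive, 5) / cost_per_guess(sha512_salted, 20000)

if __name__ == "__main__":
    salt = os.urandom(16)  # unique per user, stored beside the derived value
    stored = scrypt_derive("correct horse 42", salt)  # constructed sample password
    print("verify ok:", verify("correct horse 42", salt, stored))
    print("8 chars of [a-z0-9] at 1.5e9 H/s: %.0f s" % seconds_to_exhaust(36, 8))
    print("scrypt vs SHA-512 cost per guess: x%.0f" % slowdown_factor())
```

The salt stops one precomputed table from serving every user, but it does nothing to the per-guess cost, which is what the slowdown factor measures.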
When a user encrypts personal data, it is reportedly uploaded to the Telegram cloud, and when a user needs to confirm authenticity on a third party service, they decrypt that data and re-encrypt it for that service’s credentials. All these factors reportedly contribute to potential exposure of a user’s password hash table to very efficient hacker attacks. The firm further explains:
“The security of the data you upload to Telegram’s Cloud overwhelmingly relies on the strength of your password since brute force attacks are easy with the hashing algorithm chosen. And the absence of digital signature allows your data to be modified without you or the recipient being able to tell.”
In March, Telegram founders Pavel and Nikolai Durov reported they had raised $850 million in the second round of their ICO aimed at the development of the Telegram messenger app and its own blockchain platform Telegraph Open Network (TON). Later in May, Telegram’s plan to launch an ICO was canceled due to the fact that the messaging app had attracted enough funds during its two private ICO rounds.