As mentioned in the title, Ukraine has recently imposed restrictions on the use of the Telegram messaging app by government officials, military personnel, and employees within critical infrastructure. The National Coordination Centre for Cybersecurity (NCCC) announced the ban in a post on Facebook.
According to Ukraine’s National Security and Defense Council (NSDC), Telegram is being “actively used by the enemy” to conduct cyber attacks, perform and analyse phishing attempts, and gather intelligence. This acquired intelligence could potentially assist the Russian military in targeting Ukrainian facilities with drones and missiles.
In response, Telegram stated that it has not provided any personal data to any country, including Russia, and assured that deleted messages are permanently erased without the possibility of recovery.
Not a paranoid decision
We discussed Telegram briefly while analysing the CEO’s arrest. While Telegram provides convenience and various features that appeal to a broad user base, its potential vulnerabilities and security concerns make it less suitable, in general, for sensitive government or military communications.
Telegram’s official statement might be true; however, there are security concerns:
No default end-to-end encryption
Telegram’s standard chats are not end-to-end encrypted by default. This may be acceptable for various users who just want private chat, but for government institutions, especially ones at war that rely on encrypted communication, this alone should have excluded Telegram in the first place.
The encryption protocol may be flawed
Telegram uses its own encryption protocol called MTProto, which hasn’t undergone the same level of scrutiny and evaluation as more established protocols like the Signal Protocol. This leaves us to wonder what potential vulnerabilities could have been exploited by state-sponsored actors.
Infrastructure risks
Telegram’s servers are distributed globally, and the company has faced pressure from governments to provide access to user data. Even if the data was not provided, there are other methods for attackers to infiltrate and gather information.
A word about the metadata
Even when a message is encrypted and its content is unavailable, metadata such as who communicated with whom, when, and from where can be valuable intelligence. Also, like any app, Telegram may collect IP addresses and device information, which could be used to track users’ locations.
Previous incidents
In the past, researchers have identified vulnerabilities in Telegram’s platform, including documented issues with how encryption is implemented.
Image by Andrzej from Pixabay