Telegram has been making noise in the past year, particularly when it announced its grand vision of building a TON or Telegram Open Network, a blockchain-based platform built within its messaging app. Telegram, with 200 million active users, will use TON to provide a wide range of services for its users including file storage, payments, censorship-proof browsing, and decentralised app hosting.
According to the white paper, Telegram’s initial goal was to raise $1.2 billion through invite-only private investors and public open sale. The fund will be for developing TON. Fortunately for the company, they were able to successfully raise $1.7 billion in its initial coin offering before closing its ICO. However, security experts are not very keen on TON.
What is Telegram?
Launched in 2013 by Pavel and Nikolai Durov, Telegram is a cloud-based messaging app and voice-over IP service available for iOS, Android, Windows Phone, macOS, Linux, and Windows NT. The said app allows its users to send messages, photos, videos, audio and other types of files.
The Durov brothers are also responsible for founding VK, a Russian social network, which is under the Mail.ru Group. Nikolai took over the creation of the MTProto protocol that became the foundation of the messenger whilst Pavel funded and provided infrastructure support via his Digital Fortress fund together with Axel Neff.
The Telegram messenger, according to its white paper, is not profit-driven. However, it is not registered as a non-profit organisation as well. It is currently registered as an American and an English LLC (limited liability company). The company does not disclose any of its offices but the team is known to move from country to country. They initially had a headquarters in Berlin but moved to Dubai. Some reports also claim the company has employees working from St. Petersburg.
The company claims that its client-side code is an open-source software whilst the server-side code is closed-source and proprietary. As mentioned, the service also provides APIs to independent developers.
According to the company, all media files and messages sent through Telegram are encrypted when it is on its servers. The encryption is also applicable to its client-server communication. Telegram claims that their service also has end-to-end encryption for voice calls. Users can also choose to encrypt any “secret chats” between users.
Telegram Accounts Accessibility
Users can create their telegram accounts using their telephone numbers, which will be verified by either a phone call or an SMS. Like Facebook’s Messenger, users can have multiple devices connected to the account, which they can edit accordingly. Telegram users can also use an alias or alternate ID to send and receive messages without letting the recipient know their personal number. Telegram accounts can be deleted by the users but the company will automatically delete accounts that are inactive for six months.
The authentication method for Telegram users for logins is SMS-based single-factor authentication. The system will send a one-time passcode to the user so they can access their cloud-based messages. However, several reports noted that individuals from Iran, Russia, and Germany intercepted these passcodes. The company has since issued a recommendation to enable two-factor authentication for accessing login passwords in the mentioned countries.
Telegram’s Security Model Not Secure Enough?
Telegram’s messages are all cloud-based and users can only access them in connected devices. They can share pictures, audio and video files, and other types of files up to 1.5G in size. An individual or a group with 100,000 members can receive the messages sent via the app. The difference with Facebook’s Messenger is that both the sender and recipient can edit and delete the messages within 48 hours.
Messages transmitted into the Telegram Messenger servers use encryption by the MTProto protocol. This encryption prevents physical intruders to access information about the user. However, this security model has been the subject of criticism among cryptography experts. The general security model of storing all contacts, messages, media with the decryption keys permanently without enabling the end-to-end encryption by default has been a source of concern for security experts.
In addition to the security issues with Telegram Messenger, Virgil Security, a US-based startup, mentioned various weaknesses in Telegram’s new identity verification app, Passport. Passport is a unified authorization method for services that require identification. Users would only need to upload their personal documents once. Afterward, they can instantly share these with services that require personal identification such as financial institutions and ICOs.
Data Encryption and Protection
Whilst the startup praised the company for releasing the app’s API, Virgil Security sees a problem with data encryption and protection.
Offering payments and identity verification in one application is indeed a great offering from the company. It has, in fact, disrupted present identification giants such as Equifax known to keep user data in centralised databases prone to breach and abuse.
Telegram posted on its blog that the company promises to store personal information and documents within a cloud with end-to-end encryption. This means the company will have no access to the password or any data stored in the Telegram passport.
However, Virgil Security points out that there is a problem with how Telegram encrypts its password. Telegram makes use of SHA-512 to hash passwords, which can be easily busted with brute force.
Despite the numerous security concerns, Telegram continues to enjoy a massive demand for its messaging app. Telegram Gram crypto token already gave birth to a secondary market for token buying and selling. Some individuals already posting huge returns. Early Telegram investors enjoy a 3.5-fold increase in their token value since they purchased it during the ICO. Some sources claim that early buyers of the tokens are now selling for more than thrice its initial price.
Telegram: Beneficial or Disruptive?
Telegram offers a platform where users can send messages, media files, and even payments. Innovation that is fitting for applications that benefits a lot of people. Usable across multiple devices, Telegram provides each user with a huge storage amount. This allows them to save and download files without worrying about losing them. If Telegram will improve its security measures, the company will continue to disrupt the growing market of cryptocurrency and cloud-based messaging.