With $1.7 billion in the bank following its initial coin offering (ICO), Telegram has released its first crypto-friendly feature – but security researchers are skeptical.
As detailed in a blog post published today, Virgil Security, a U.S.-based startup, has identified several weaknesses in the new identity verification app, called Passport. While the company praised Telegram for publishing the application’s API as open source, allowing the code to be checked by other experts, Virgil Security detailed two problems with the app: how it encrypts data and how it protects stored data.
“Their commitment to openness gives security practitioners the opportunity to review their implementation and, ideally, help improve it,” Virgil Security’s Alexey Ermishkin wrote on the company’s blog, adding:
“Unfortunately Passport’s security disappoints in several key ways.”
Telegram has never publicly announced or verified the existence its billion-dollar ICO. But as documents started to leak earlier this year, it became clear that the company, more widely known for its chat app, aimed to compete with many of the services – from filesharing to encrypted browsing – that crypto startups had already proposed.
Plus, it wanted to bring blockchain-based payments to the Telegram chat app, which in recent years has become popular among the crypto community.
Payments and identity verification go hand-in-hand, making Passport a natural early offering from the company. Plus, disrupting the digital ID incumbents like Equifax, which keep data in centralized databases vulnerable to breach and abuse, has long been a shared goal of the cryptocurrency community, so it’s is a fitting place for Telegram to start.
In its blog post about the new product, Telegram promises that “your identity documents and personal data will be stored in the Telegram cloud using end-to-end encryption. It is encrypted with a password that only you know, so Telegram has no access to the data you store in your Telegram passport.”
It goes on to promise that, eventually, this data will be stored in a decentralized fashion, Identity was one of the components of the ambitious blockchain-based system that Telegram promised in its ICO technical whitepaper.
But from the looks of Virgil Security’s findings, Telegram needs to go back to the drawing board.
Virgil Security’s chief critique of Passport’s security is the way it encrypts its passwords.
In announcing Passport, Telegram released a considerable amount of information about how the system works. In particular, Virgil Security focuses on the fact that Telegram uses SHA-512 to hash passwords.
“It’s 2018 and one top-level GPU can brute-force check about 1.5 billion SHA-512 hashes per second,” they write.
It goes on to estimate that with enough computers, these passwords could be busted for anywhere from $135 to $5 each, depending on the strength of the passwords users chose.
However, before an attacker could begin its attack, it would need to first breach Telegram itself, as Virgil acknowledges.
“To access the password hashes, the attack would have to be internal to Telegram. The ways that could happen are numerous — insider threat, spearphish, one rogue USB stick, etc,” Virgil Security co-founder Dmitry Dain told CoinDesk.
And if lots of users begin using and in turn loading this data into Telegram’s Passport, it will make the company a very attractive target.
Telegram has long been criticized for taking its own approach to cryptography, rather than relying on established standards. That said, Telegram’s model has not been known to have been broken so far.
The other danger to users Virgil Security critiques is a bit more nuanced: the fact that the data uploaded to Passport isn’t signed.
By cryptographically signing data (an integral part of blockchain architecture broadly), users can quickly verify the data was loaded there by the person who claimed to have loaded it and it hasn’t been changed.
Without a cryptographic signature, an attacker could change some part of the data and no one would know.
The Virgil Security post argues:
“Now, when people see ‘end-to-end encrypted,’ they believe that their data will safely be sent to a third party without worries of it being decrypted or tampered with. Unfortunately, Passport users will have a false sense of confidence.”
Yet, with Virgil Security’s critiques and the newness of the product, it should be relatively simple for Telegram to harden its security (Virgil Security is one provider of end-to-end encryption).
Telegram did not immediately reply to a request for comment.