Ever since WhatsApp-NSO group spyware incident that affected 1,400 select users globally, including in India, people on social media platforms are expressing their intent to switch to other messaging platforms like Telegram and Signal, claiming that these platforms are more secure. But, are they? Unlike WhatsApp and Apple iMessage, Telegram conversations aren't encrypted end-to-end by default. The users need to select the "Secret Chat" feature for an extra layer of security.  However, a recent research paper from Massachusetts Institute of Technology (MIT) has listed striking flaws in Telegram.

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

It says that Telegram uses its own proprietary messaging protocol called "MTProto", which lacks scrutiny from outside cryptographers. Founded in 2013, Telegram follows a conventional approach of using a Cloud storage for its data.

"This means that if an adversary is able to gain control of their server system, they will have access to (at least) unencrypted messages and definitely to all the metadata," wrote MIT researchers Hayk Saribekyan and Akaki Margvelashvili.

The researchers said that this app asks for the contact list from the phone/desktop and stores them on its servers. They added that this provides huge social network information to them that can either be attacked on their servers or can be possibly sold to different authorities without users' consent. According to MIT researchers, even while using the "Secret Chat" to communicate, Telegram's mobile application makes it possible for the third parties to observe the metadata information.

WATCH Zee Business TV LIVE Streaming Online -

"For example, adversaries can learn when users go online or offline with down-to-the-second accuracy. Telegram does not require agreement from both parties to set up the communication between them. For this reason, an attacker might connect to the user and they will receive the metadata information without the user knowing anything about this," the MIT team elaborated.

Another popular messaging app, Signal is not completely safe either.

"They are not necessarily better. Yes, hackers and governments may pay less attention to Telegram and Signal because of their smaller base. And Signal is open-source, so techies can check the code for vulnerabilities and fixes," tech policy and media consultant Prasanto K Roy told IANS.

WhatsApp remains the most popular chat app with 1.5 billion global users -- 400 million in India. Russia-headquartered Telegram has 200 million users globally, while Signal has more than 10 million. Both Telegram and Signal record a spike in users whenever there is a security breach or global outage with WhatsApp.