Telegram is a messenger made popular by its promise to protect user privacy through the use of end-to-end encryption, as well as the secret chat tool where self-destructive content can be sent. The application gained greater notoriety last Sunday (9) due to leaked conversations between the current Minister of Justice Srgio Moro and the prosecutor of the Federal Public Ministry in Curitiba Deltan Dallagnol. According to a site report The Intercept Brasil, messages exchanged on the app raise suspicions that Moro, then judge of the 13th Federal Criminal Court of Curitiba, has extrapolated his duties by allegedly collaborating with the Lava Jato operation.
Wanted by TechTudo, Telegram rules out any possibility of data theft from its servers. The app's spokesperson claims that secret chat encryption protects data in transit between devices and stored on servers. Nothing, however, prevents information from being extracted directly from the user's device or from a hacked account.
Telegram Secret Chat: What It Is and How to Use Encrypted Messages
Telegram: Four Curious Functions
Want to buy a cell phone, TV and other discounted products? Meet the Compare TechTudo
Telegram protects messages in transit and when they are stored in the Telegram cloud. In the six years of our existence, we share 0 bytes of data with third parties. Despite the heavy scrutiny, no way to undermine Telegram encryption has been discovered. Telegram applications do not contain hidden surprises because their open source code is available for study – Telegram.
What happened according to Telegram
Taking into account the protections of the application, Telegram raises two possibilities for the leak of conversation between Moro and Dallagnol. One of these involves account hijacking and history recovery on an unauthorized device. To do this, an attacker would need to access the SMS sent by the app to validate entry into a new device. This could be done in two ways: by intercepting the line (more sophisticated) or by hijacking the number using social engineering (simpler), a practice that has become common in Brazil with a focus on WhatsApp.
According to Telegram, the vulnerability could also be in the user's mobile phone, possibly infected with malware: No application can protect your information if the device itself is compromised, says Telegram. That is the possibility with which the authorities work. On Monday (11), the MPF issued a note confirming that the prosecutor's cell phones of the organ would have been hacked. I live, it is worth remembering, uses Android on Twitter. J Dallagnol posts tweets with iPhone.
Two types of encryption
Telegram has earned a reputation for selling itself as safer than the competition. It was one of the first applications to offer end-to-end encryption, a security method that scrambles a message and ensures that it can be decoded only by the end recipient. Data that travels from one device to another, therefore, is masked so that only members of the conversation can read its contents. This type of protection is only available in secret chat.
Already common conversations between two people or groups in Telegram have client-server encryption, a milder type of security that works between the user's device and the application's servers. Messages outside of secret mode, therefore, can be decoded in the Telegram cloud. According to the developers, this is the safest way to allow the user to access their conversations on more than one phone or computer. In contrast, the user must be confident that their information is safe in the application cloud.
Telegram X Secret Chat Password on Android Photo: Raquel Freire / TechTudo
Secret chat is a Telegram function intended for confidential conversations. The user has several handy tools for maintaining privacy, such as self-destructing text, images, audio and video, print warning and message forwarding block. In addition, this is the only end-to-end encryption mode of conversation that is considered most powerful for protecting information on the mobile phone.
The content is safer because it is only on devices where chat is started: even if the user uses Telegram on other devices, the story is not stored in the cloud and therefore cannot be retrieved elsewhere. Second, because, unlike ordinary app conversations, not even Telegram can read the data: only chat members' devices can decode the content.
Telegram secret chat has self-destruct function and cryptographic key screen Photo: Playback / TechTudo
Open source, Telegram allows its technology to be scrutinized by experts. In 2016, a study by the Electronic Frontier Foundation (EFF), an organization focused on the protection of civil rights in the digital environment, challenged the effectiveness of Telegram protections by negatively assessing the application in three key survey questions. The reason was linked to the app's use of two encryptions: one softer for common conversations, and another more sophisticated (end-to-end) only in the secret chat.
WhatsApp comes out ahead of Telegram by offering end-to-end encryption in every conversation. The user need not activate a special mode to protect messages with the best security. On the other hand, as WhatsApp is closed, there is no transparency for the expert community to audit your code.
How Telegram Message Security Works Photo: Helito Beggiora / TechTudo
There is also a question that involves how each application performs backups. WhatsApp makes local backups to enable the recovery of user conversation history. For this, they are saved to Google Drive (Android) or iCloud (iPhone). According to Telegram, however, these files bring more fragile protection that can be decoded by hackers.
To circumvent this supposed weakness, Telegram chooses never to perform backups on the user's device. Instead, the conversation history is always kept in the application cloud, where it can be retrieved to another device if the user wants it. The app therefore takes care of protecting the data stored on your servers. In secret chat, there is no backup and theoretically the message content cannot be recovered.