points by nwh 12 years ago

We already know the system is hopelessly vulnerable to server side MITM attacks, it makes no effort to defend against that attack model. It's mentioned in the comments that they might do manual key verification in the future, but that doesn't happen now. Compromise is silent.

paveldurov 12 years ago

Let me respectfully disagree with you here. Secret Chats in Telegram provide users with a way to detect a server-side MITM attack. http://core.telegram.org/techfaq#q-how-are-telegram-users-pr...

  • nwh 12 years ago

    That only protects against a MITM between peers who have communicated with a "secret chat" previously, not two fresh peers. As "secret charts" are disabled by default it's not really a defence against infiltration; users will presumably only enabled the "secret chat" mode when they have something sensitive to talk about.

    When they do enabled it for the first time, we can instantly MITM them using the attack against the "image verification" I mentioned lower down (https://news.ycombinator.com/item?id=6932053), and we can assume that the conversation is worth our while listening in on. The user will hopefully expose themselves in the belief that they are safe, and the game is over.

  • h0cked 12 years ago

    It's simple unauthenticated Diffie-Hellman key agreement, which is known for MITM attack. Yes, you ask A to accept B's identity upon key exchange, but to what extend A would know B is really B not the server playing along? A plausible method would have A and B exchange certificates separate from the Diffie-Hellman key exchange process, and use those as the identity verification mechanism.

Ihmahr 12 years ago

Not only is it possible, they are doing it already. I installed telegram on two devices (android and ipad) and they somehow were both able to decrypt incoming messages. How did the second device get the key..?

  • nwh 12 years ago

    Ah! You were mistaken in the functioning of the service (I thought this might happen). You have to specifically ask for a secure chat with a button press, normally everything is effectively plaintext.

sillysaurus2 12 years ago

Is that really the case? Would you mind linking to that? Because if that's true, then this contest is dangerously misleading.