The terrorist groups are encouraging its followers to use Telegram to make their propaganda invisible from law enforcement, but some security experts believe that Telegram may not be as secure as jihadi advocates may like to believe.
Telegram is an end-to-end encrypted messaging service that has been adopted by a lot more people than ISIS — as of last year, the company claimed more than 50 Million Telegram users sending 1 Billion messages per day.
Terrorists love Telegram because it not only provides an encrypted Secret Chat feature that lets its users broadcast messages to unlimited subscribers but also offers self-destructing message allowing users to set their messages to self-destruct itself after a certain period.
Is Telegram Really Secure?
In a blog post published Wednesday, the security researcher known as "the Grugq" pointed out several issues with Telegram that might obstruct terrorists from using it.
Here's the list of issues with Telegram:
1. Error prone
Telegram's end-to-end encrypted chat feature is not enabled by default. One has to select Secret Chat before start chatting, and it is not possible to encrypt an existing conversation.
2. Contact Theft
Telegram requires you to register a working phone number and uploads the entire Contacts database to its servers, helping it create a trail of breadcrumbs for law enforcement and investigators to follow.
"This allows Telegram to build a huge social network map of all its users and how they know each other," the Grugq wrote in his blog post.
3. Leak Voluminous Metadata
The use of a mobile phone can expose a wide range of metadata. Even if secure chat is enabled, law enforcement can collect other Metadata for sure by compromising the servers.
This could help them track down who talked to whom, at what time, from which location, which will be an enough information for agencies seeking for possible suspects.
For Example: If A and B are communicating with each other on encrypted channel, and A is on the suspect list of agencies, then they can at least figure out the connection between both using this Metadata.
4. Wonky Homebrew Encryption
Some security experts are also worried about the encryption that Telegram uses, although its encryption hasn't been publicly broken.
Telegram has announced a contest to crack the app's encryption with a prize money of $300,000, but nobody claimed it.
However, when it comes to nation-state adversary, one wouldn't trust encryption protection in Telegram, as the app might work for the average user, but is not secure enough for terrorists.
Whatever be the privacy concerns regarding Telegram, the good news is:
Telegram has blocked 78 ISIS-affiliated Channels that the terrorist used to communicate with their members, spread propaganda and plan operations.