How I Hacked Telegram’s “Encryption” (opens in new tab)

(blog.zimperium.com)

40 pointsPaulSec11y ago17 comments

17 comments

TL;DR - the author claims to have hacked their encryption by reading the messages in phone memory.

I don't understand how this is a valid exploit/vulnerability? How would any device, Android or not, render the actual picture of the message on the GPU without having the unencrypted string in memory? It's not possible. If you have local memory/code execution, you will ALWAYS have access to the messages any client application is rendering/using.

itistoday211y ago

Yeah, the memory thing didn't impress me. More concerning though is that apparently messages are stored in plain text on disk in that cache4.db file. It's not clear to me whether they are deleted when the app quits or what.

bdotdub11y ago

Yeah, I'm feeling like the quotes should be around "Hacked", and not "Encryption"

ch0wn11y ago

The files under `/data/data/[pkgname]` are only readable by the corresponding application. Encrypting them wouldn't add any security as the key for that cache would also be stored on the device.

1 more reply

treeform11y ago

I am not even a security novice, but isn't getting root on the devices basically a game over? The suggestions the author hard to encrypt the stuff in memory and on disk would just add a extra step for the attacker to find the key? If they key had to be entered by the user every time the attack can just wait until the user does so? If thats too hard... just monitor the user. With root you can just wait and take screen shots... (as the author shows) which would work for any thing the user does ever and is simpler?

theonewolf11y ago

Precisely. Also perhaps why Telegram didn't respond.

This is an OS-/device-level attack---not an app exploit/attack.

dustyfresh11y ago

The attack vector wasn't even through the Telegram application but depending on if you get access to disk or memory. Sure that's not hard to do...but it's still safe in-transit? A pretty interesting read, but I'm not seeing the leetness here.

eugeneionesco11y ago

This is clickbait unfortunately, his attacks require root access on the device.

moe11y ago

tldr; End-to-end encryption does nothing when an adversary controls one of the ends.

I'd say this guy is trying a little too hard to promote his "Zimperim Mobile Security" brand here...

rdudek11y ago

I did notice the same thing. As soon as I saw root access needed, I pretty much took everything else with a grain of salt. It's always game over if the attacker can get their hands on the device.

I am not knowledgeable in this field and I would like to learn more how to do most of these things, what would be a good resource to start off with?

packetized11y ago

Also neat that you really can recompose the entire conversation, as the timestamps are clearly available in the DB.

Offset 0056e1c, 0x54ba8a1d is unixepoch 1421511197 - which is January 17th, at 16:13:17GMT - which, given that the author is in Tel Aviv (GMT+2), corresponds with the 6:13PM timestamp for 'Shlookiedo' seen in the photos.

chatmasta11y ago

I find it hard to believe that Telegram did not respond to the author. How can one company simultaneously host a $200k security contest, yet not respond to a simple email disclosing a vulnerability?

IshKebab11y ago

Because this isn't really a vulnerability. It's "if you completely control the device that is sending/receiving encrypted messages, you can read the messages."

There's literally no way to defend against this attack. About the best they could do is show a warning like "Warning: The version of Android you are using contains vulnerabilities attackers could use to take control of your phone. Please update your softw... buy a new phone to get the latest version of Android."

theonewolf11y ago

Yeah...it doesn't feel like a true vulnerability...feels like just padding the "vulnerability" counter :p

theonewolf11y ago

Perhaps because the attacks/exploits were more against the device/OS and not against the app itself?

It is unsurprising that text can be found unencrypted in memory---even while during rendering it has to be decrypted somewhere.

The only mildly surprising/troubling thing was unencrypted data stored in the file one disk on the phone.

chatmasta11y ago

I think at this point we are getting into the semantics of what qualifies as a "vulnerability." I agree there's very little telegram can do about this, but that doesn't lessen the validity of the attack. At the very least, they could respond to the bug report. To ignore it seems highly unprofessional.

j / k navigate · click thread line to collapse

17 comments

paulsecwhatt11y ago

TL;DR - the author claims to have hacked their encryption by reading the messages in phone memory.

itistoday211y ago

bdotdub11y ago

Yeah, I'm feeling like the quotes should be around "Hacked", and not "Encryption"

ch0wn11y ago

The files under `/data/data/[pkgname]` are only readable by the corresponding application. Encrypting them wouldn't add any security as the key for that cache would also be stored on the device.

1 more reply

treeform11y ago

theonewolf11y ago

Precisely. Also perhaps why Telegram didn't respond.

This is an OS-/device-level attack---not an app exploit/attack.

dustyfresh11y ago

eugeneionesco11y ago

This is clickbait unfortunately, his attacks require root access on the device.

moe11y ago

tldr; End-to-end encryption does nothing when an adversary controls one of the ends.

I'd say this guy is trying a little too hard to promote his "Zimperim Mobile Security" brand here...

rdudek11y ago

I did notice the same thing. As soon as I saw root access needed, I pretty much took everything else with a grain of salt. It's always game over if the attacker can get their hands on the device.

I am not knowledgeable in this field and I would like to learn more how to do most of these things, what would be a good resource to start off with?

packetized11y ago

Also neat that you really can recompose the entire conversation, as the timestamps are clearly available in the DB.

chatmasta11y ago

I find it hard to believe that Telegram did not respond to the author. How can one company simultaneously host a $200k security contest, yet not respond to a simple email disclosing a vulnerability?

IshKebab11y ago

Because this isn't really a vulnerability. It's "if you completely control the device that is sending/receiving encrypted messages, you can read the messages."

theonewolf11y ago

Yeah...it doesn't feel like a true vulnerability...feels like just padding the "vulnerability" counter :p

theonewolf11y ago

Perhaps because the attacks/exploits were more against the device/OS and not against the app itself?

It is unsurprising that text can be found unencrypted in memory---even while during rendering it has to be decrypted somewhere.

The only mildly surprising/troubling thing was unencrypted data stored in the file one disk on the phone.

chatmasta11y ago

j / k navigate · click thread line to collapse