With the privacy awareness awakening sparked by Whats-App and Facebook’s announcement of new terms of service, a lot of users jumped to the alternatives of Signal and Telegram.
Unfortunately, due to specifics of Telegram’s operation, and a series of choices made by the makers of the platform, Telegram poses serious risks to Security, Privacy and exposure of Harmful Content to users.
David and Francois do a deep-dive into some of these issues to help make the risks clear to those who are using the platform.
01:37 Messenger vs Broadcast Platform?
05:47 Pornography & Harmful content access.
07:13 Harmful Content Protection Failure. Revenge Porn & CSAM.
09:14 Deepfake Bots
11:19 Telegram: The Dark Web Alternative.
13:57 Security Risks: C2 Attack Channel.
15:50 Problematic Fundamentals.
17:18 Encryption and Privacy Failures.
21:12 Telegram is hard to deny connectivity to create a safe device / network. Don’t Talk to Strangers (DTTS)® is required to deny Telegram Access.
23:14 Measure the risks to you, your systems and your people.
Links to external publications and research notes
Founders: Pavel Durov, Nikolai Durov
5 data centres around the world. Dubai headquartered.
No limit on data size and group / channel subscription size. This is not classified as a messenger anymore. This is now a public broadcast platform.
Dark net style use for cyber crime.
Child porn distributed via Telegram. Witnessed by 3rd party plug-in.
Deepfake bot
Apple blocked access on iOS to the bot.
Still accessible via Android and Mac Telegram app.
Sample C2 using telegram agent on GitHub:
Using Telegram as C2 system in the real world:
Check Point, which also issued this new Telegram warning, says it has “tracked 130 cyber attacks that used malware managed over Telegram by attackers in the last three months… Even when Telegram is not installed or being used, it allows hackers to send malicious commands and operations remotely via the instant messaging app.”
Malware targeting Crypto Wallets
Russia blocked it officially for 2 years, but brought down half their county’s Internet with the attempt:
Porn is readily available. Enabling “Sensitive Materials” provides search results to harmful content and sexual abuse material.
Chinese Sex Trafficking case.