

How I Hacked Telegram’s “Encryption” - PaulSec
http://blog.zimperium.com/telegram-hack/

======
paulsecwhatt
TL;DR - the author claims to have hacked their encryption by reading the
messages in phone memory.

I don't understand how this is a valid exploit/vulnerability? How would any
device, Android or not, render the actual picture of the message on the GPU
without having the unencrypted string in memory? It's not possible. If you
have local memory/code execution, you will ALWAYS have access to the messages
any client application is rendering/using.

~~~
itistoday2
Yeah, the memory thing didn't impress me. More concerning though is that
apparently messages are stored in plain text on disk in that cache4.db file.
It's not clear to me whether they are deleted when the app quits or what.

~~~
ch0wn
The files under `/data/data/[pkgname]` are only readable by the corresponding
application. Encrypting them wouldn't add any security as the key for that
cache would also be stored on the device.

~~~
itistoday2
> _Encrypting them wouldn't add any security as the key for that cache would
> also be stored on the device._

That's why you use a user-derived key (i.e. based on the pin or w/e).

------
treeform
I am not even a security novice, but isn't getting root on the devices
basically a game over? The suggestions the author had to encrypt the stuff in
memory and on disk would just add an extra step for the attacker to find the
key? If the key had to be entered by the user every time the attacker can just
wait until the user does so? If that's too hard... just monitor the user. With
root you can just wait and take screenshots... (as the author shows) which
would work for anything the user does ever and is simpler?

~~~
theonewolf
Precisely. Also perhaps why Telegram didn't respond.

This is an OS-/device-level attack---not an app exploit/attack.

------
dustyfresh
The attack vector wasn't even through the Telegram application but depending
on if you get access to disk or memory. Sure that's not hard to do...but it's
still safe in-transit? A pretty interesting read, but I'm not seeing the
leetness here.

------
eugeneionesco
This is clickbait unfortunately, his attacks require root access on the
device.

------
moe
tldr; End-to-end encryption does nothing when an adversary controls one of the
ends.

I'd say this guy is trying a little too hard to promote his "Zimperium Mobile
Security" brand here...

~~~
rdudek
I did notice the same thing. As soon as I saw root access needed, I pretty
much took everything else with a grain of salt. It's always game over if the
attacker can get their hands on the device.

I am not knowledgeable in this field and I would like to learn more about how
to do most of these things. What would be a good resource to start off with?

------
packetized
Also neat that you really can recompose the entire conversation, as the
timestamps are clearly available in the DB.

Offset 0056e1c, 0x54ba8a1d is Unix epoch 1421511197 - which is January 17th, at
16:13:17 GMT - which, given that the author is in Tel Aviv (GMT+2), corresponds
with the 6:13PM timestamp for 'Shlookiedo' seen in the photos.
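
An added example, not part of the comment above or of the linked article: the same timestamp recovery done as a forensic carve, scanning a buffer for 32-bit words that decode to a time inside an incident window. The sample bytes, the base offset and the function names are constructed for illustration, and the on-disk byte order is an assumption, so both orders are tried.

```python
import struct
from datetime import datetime, timedelta, timezone


def carve_timestamps(buf, start, end, base_offset=0):
    """Return (offset, byte_order, epoch, utc_datetime) for every 32-bit word
    in buf, at any byte alignment, whose value lies in the UTC window."""
    lo, hi = int(start.timestamp()), int(end.timestamp())
    hits = []
    for off in range(len(buf) - 3):
        # Byte order of the stored value is assumed unknown, so try both.
        for order, fmt in (("big", ">I"), ("little", "<I")):
            (value,) = struct.unpack_from(fmt, buf, off)
            if lo <= value <= hi:
                when = datetime.fromtimestamp(value, tz=timezone.utc)
                hits.append((base_offset + off, order, value, when))
    return hits


def to_local(dt_utc, utc_offset_hours):
    """Shift a UTC datetime to a fixed-offset local time (e.g. GMT+2)."""
    return dt_utc.astimezone(timezone(timedelta(hours=utc_offset_hours)))


# Constructed sample: filler bytes around the 4-byte value quoted in the
# comment. This is NOT real cache4.db content.
SAMPLE = (b"\x00\x07Shlookiedo\x00"
          + bytes.fromhex("54ba8a1d")
          + b"\x00\x00\x01\x02")
# Constructed so the hit is reported at the offset quoted in the comment.
BASE_OFFSET = 0x56E1C - SAMPLE.index(bytes.fromhex("54ba8a1d"))
# A narrow window keeps false positives down: only words between
# 0x54B9A600 and 0x54BAF780 can match for this one-day range.
WINDOW = (datetime(2015, 1, 17, tzinfo=timezone.utc),
          datetime(2015, 1, 18, tzinfo=timezone.utc))

if __name__ == "__main__":
    for off, order, epoch, when in carve_timestamps(SAMPLE, *WINDOW,
                                                    base_offset=BASE_OFFSET):
        local = to_local(when, 2)
        print(f"0x{off:07x} {order:>6} {epoch} {when.isoformat()} "
              f"local={local:%H:%M}")
```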

------
chatmasta
I find it hard to believe that Telegram did not respond to the author. How can
one company simultaneously host a $200k security contest, yet not respond to a
simple email disclosing a vulnerability?

~~~
IshKebab
Because this isn't really a vulnerability. It's "if you completely control the
device that is sending/receiving encrypted messages, you can read the
messages."

There's literally no way to defend against this attack. About the best they
could do is show a warning like "Warning: The version of Android you are using
contains vulnerabilities attackers could use to take control of your phone.
Please update your softw... buy a new phone to get the latest version of
Android."

~~~
theonewolf
Yeah...it doesn't feel like a true vulnerability...feels like just padding the
"vulnerability" counter :p

