

Bypassing the Telegram authentication protocol [pdf] - mweibel
http://cert.inteco.es/extfrontinteco/img/File/intecocert/EstudiosInformes/INT_Telegram_EN.pdf

======
phlo
Full-Disclosure has recently been flooded with dubious submissions like this one.
The author proposes replacing the Telegram app with a trojanized version which
he then proceeds to MITM. This is not a vulnerability, "it rather involves
being on the other side of this airtight hatchway [1]."

[1] The Old New Thing has a slew of similar "exploits" and well-explained
comments on why they're false. As they aren't properly tagged, I couldn't find
a nice link -- but the blog is fun to browse and read:
[http://blogs.msdn.com/b/oldnewthing/](http://blogs.msdn.com/b/oldnewthing/)

~~~
jodrellblank
E.g.
[http://blogs.msdn.com/b/oldnewthing/archive/2006/05/08/59235...](http://blogs.msdn.com/b/oldnewthing/archive/2006/05/08/592350.aspx)

~~~
phlo
Thanks! This search query appears to catch most of 'em:
[https://www.google.ch/search?q=site:blogs.msdn.com+intitle:%...](https://www.google.ch/search?q=site:blogs.msdn.com+intitle:%22it+rather+involved+being+on+the+other+side+of+this+airtight+hatchway%22&es_sm=91&biw=1266&bih=1026&noj=1&filter=0)

------
jvdh
TL;DR version: Telegram is completely open-source and has an open API. There is
no PKI, so Telegram's public key is hard-coded in the application.

An attacker could simply take the source code, change the server IP and
public-key and has a working MITM, if he can somehow make the user install
this one instead of the original.

~~~
saurik
As soon as you have "somehow make the user install this one instead of the
original" as a step, nothing is safe from MITM attacks.

------
raimue
The claim in the title is plain wrong, this is not a vulnerability in the
authentication protocol itself.

Money quote:

    What should an attacker do to launch the attack?
    Briefly, he would have to change Telegram’s public key (and the IP address,
    or perform a “live” spoofing attack), included in the client, and distribute
    the malicious client to the victim(s).

For comparison, this would be equivalent to editing entries in
~/.ssh/known_hosts of the victim and then making them use ssh to your server for
a MITM attack. Or rather, if you get someone to use a manipulated SSH client,
they are vulnerable. Would you consider this a flaw in the SSH authentication
protocol?

------
eps
So he suggests having users connect to (a) the attacker's server (b) using the
attacker's public key for authentication.

That's from the same domain as planting a fake CA cert on the client and then
proxying its SSL connections.

------
homakov
This is BS

