Basically, the problem is that they invented a lot of their own crypto from scratch. When asked about this, they said "it's fine, we're smart" and then claimed to prove their security with a red herring contest.
Here are some publications about security problems with the platform:
- A class project at MIT found several problems (May 2017) [0]
- They were featured on Crypto Fails (Dec 2013) [1]
- Jakob Jakobsen @ Aarhus University published a vulnerability discovery (May 2015) [2] and then did his Masters thesis on additional problems (Sep 2015) [3]
-Tomas Susanka @ Czech Technical University in Prague published additional vulnerabilities (2016) [4]
Here are some publications about security problems with the platform:
- A class project at MIT found several problems (May 2017) [0]
- They were featured on Crypto Fails (Dec 2013) [1]
- Jakob Jakobsen @ Aarhus University published a vulnerability discovery (May 2015) [2] and then did his Masters thesis on additional problems (Sep 2015) [3]
-Tomas Susanka @ Czech Technical University in Prague published additional vulnerabilities (2016) [4]
Plenty more out there.
[0] https://courses.csail.mit.edu/6.857/2017/project/19.pdf
[1] http://www.cryptofails.com/post/70546720222/telegrams-crypta...
[2] https://eprint.iacr.org/2015/1177.pdf
[3] http://cs.au.dk/~jakjak/master-thesis.pdf
[4] https://www.susanka.eu/files/telegram-article.pdf