Telegram is one of the most popular communication platforms for cryptocurrency enthusiasts. It boasts 365 million users, with over 15 billion daily messages being sent. The average Telegram user sends 150 messages per day, and yet with all this said, an astonishing 0 USD has been spent on advertising.
Aside from being a shining example of how extreme growth can happen through good product design and the network effect, Telegram’s claim to fame is its emphasis on security.
However, a design “feature” has been exploited for a second time, allowing phone numbers to be matched to identities from within public groups. This is particularly dangerous for pro-democracy protestors in Hong Kong who are using the China-banned Telegram app to communicate securely. The matching works regardless of any user settings to keep phone numbers private, because Telegram uses phone numbers as unique IDs to create accounts and to reduce spam accounts.
“We have suspected that some government-sponsored attackers have exploited this bug and use it to target Hong Kong protesters,” Chu Ka-Cheong, a local software engineer, tweeted. “In some cases posting immediate dangers to the life of the protestors.” -@edwincheese
This isn’t the first time China has targeted Telegram. On July 12, 2019, China hit Telegram with a DDoS attack, crippling important communications.
Telegram founder and CEO, Pavel Durov, tweeted that the IP addresses behind the attacks were from China. “Historically, all state actor sized DDoS (200-400 GB/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception.”
This is important because the July attack was during a major escalation of Hong Kong protests, and protests had just become violent; both WhatsApp and Telegram were targeted and various group administrators were arrested. Lives were at stake.
And not for the first time. The largest security breach on Telegram, in which 15 million of 20 million Iranian users were identified, was another compromise of phone numbers and identity. This jeopardized activists, journalists, and any person in a sensitive position.
To be clear, Telegram is an altruistic project. Estimates vary, but the cost of maintaining Telegram is guessed to be around 1 million USD per month. There is no current business model.
The venture, founded by the Russian brothers Pavel Durov and Nikolai Durov, is valued at 3-5 billion, and yet it “will never be up for sale” as they believe that messaging apps “shouldn’t make money”.
Pavel Durov is the founder of VK, the Facebook equivalent in Russia, and he and his brother were forced to flee Russia. He is a known cryptocurrency enthusiast, as he was estimated to have fled Russia with 2000 Bitcoins valued at 300 million USD.
“We believe in fast and secure messaging that is also 100% free.
“Pavel Durov…supplied Telegram with a generous donation, so we have quite enough money for the time being. If Telegram runs out, we will introduce non-essential paid options to support the infrastructure and finance developer salaries. But making profits will never be an end-goal for Telegram.”
While no messages or other private information were leaked in this case, code vulnerabilities have been discovered in the past, such as one in which HTML code was hidden within an image and, once the target clicked the image, the code gained full access to the target’s messages, shared photos and videos, and contact list.
These attacks on Telegram, a messaging app with a strong brand reputation that is far more secure and private than most messaging apps, point to three general types of attacks:
- DDoS attack.
- Identity attack.
- Malicious infiltrating code.
Elastos technology is designed precisely to deal with all of these; the Carrier, Trinity, and DID Sidechain architecture prevents these types of security concerns. Several articles have been written on exactly how Elastos can create a secure, sandboxed environment and distribute unique and anonymous IDs to protect user information and privacy. The most recently published article can be found here.
The potential for adoption of Elastos technology, and the need for it, has been made quite clear in recent days, not only by Telegram but also by the everyday news of cyber attacks and data theft that floods the mainstream media.
Even the most secure centralized applications with a pristinely selfless business model, like Telegram, retain the same vulnerabilities of our inherited Internet.
The bottom line is that once ready, with the right apps made available, Elastos is positioned to expand well beyond a single messaging app valued at 5 billion.