Over the weekend, a video clip of Telegram’s founder Pavel Durov talking to Tucker Carlson caught the attention of many. Durov mentioned that he is the only product manager at the company and has around 30 engineers working for him. While Durov boasted about the efficiency of his Dubai-based company, security experts raised concerns about the implications of having such a small team.
Matthew Green, a cryptography expert from Johns Hopkins University, pointed out that Telegram lacks default end-to-end encryption, unlike Signal or WhatsApp. Users need to enable “Secret Chat” to secure their messages, and doubts have been raised about the quality of Telegram’s encryption since the company uses its proprietary algorithm.
Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, highlighted that Telegram is not just a messaging app but also a social media platform, collecting a vast amount of user data. With only 30 engineers on board, there are concerns about handling legal requests, abuse, and content moderation issues effectively.
Galperin also expressed doubts about the quality of the engineering team, making Telegram vulnerable to threats. The lack of privacy or compliance personnel raises questions about data security practices within the company. Additionally, the absence of a chief security officer and unclear information about the number of engineers dedicated to platform security add to the worries.
Despite having nearly one billion users, Telegram’s limited cybersecurity resources make it an attractive target for hackers. SwiftOnSecurity emphasized the significant investment required for robust cybersecurity measures, suggesting that even large companies may not be allocating sufficient resources to protect themselves adequately.
With a user base that includes individuals from various backgrounds, such as crypto enthusiasts, extremists, hackers, and purveyors of disinformation, Telegram presents a challenging environment for security. The platform’s vulnerabilities, combined with its popularity among potential threat actors, raise serious concerns about its ability to defend against sophisticated cyberattacks.
In conclusion, experts have long cautioned against viewing Telegram as a highly secure messaging platform. Durov’s recent statements have only reinforced these concerns, indicating that the platform’s security posture may be even weaker than previously believed.
