The secure messaging app Telegram is significant for two very different reasons. One is that the app is a go-to encrypted communication tool for hundreds of millions of users around the world, particularly those looking to duck government surveillance and censorship in countries like Russia and Iran. The other is that many cryptography experts have cast doubt on the integrity of Telegram's encryption scheme. A new report from the web security firm Forcepoint, about Telegram's use of bots, has implications for both Telegram's users and its critics.

Telegram bots are small programs that can embed in Telegram chats or public channels and perform a specific function. They can offer customized keyboards, produce cat memes on demand, or even accept payments and act as a digital storefront. Bots are popular on Telegram, because they're fun and convenient, and Telegram has supported them since 2015. They are essentially automated Telegram accounts; you can just add them to chats and channels as you would a friend. But while researching the bot platform, Forcepoint realized that the feature doesn't incorporate the encryption algorithm Telegram uses to protect its chats. As a result, adding a bot to a chat or channel undermines its security, potentially making it easier for a third party to intercept messages.

"This is something that affects you if you are operating a bot or are in a channel with bots," says Luke Somerville, head of special investigations at Forcepoint. "I’ll be honest, it surprised us when we realized that the bot security is that different than how normal messaging works."

Specifically, Telegram bots don't use MTProto, Telegram's encryption protocol, which creates the framework in which users' messages to each other are scrambled and illegible while in transit between a sender and recipient's devices. While researchers have raised various concerns about MTProto over the years—Telegram maintains it is sound—if you trust Telegram with your secure communications, you're trusting MTProto.

"A bot would dramatically undercut the security properties of a chat." Kenn White, Open Crypto Audit Project

But Telegram's bot platform relies instead on the transport layer security protocol used in HTTPS web encryption. TLS is great for a lot of things but isn't robust enough to act as the only encryption in a secure communication service meant to provide advanced protection. That's why apps like Signal and WhatsApp use the Signal Protocol, and Telegram has MTProto. By building its bot platform without MTProto, though, Telegram creates a situation where introducing a bot to a chat or channel essentially downgrades its encryption.

Forcepoint made the discovery in an unexpected way. Security researchers have previously found Telegram bots that command and control malicious Android apps, and even exfiltrate data from Telegram chats through the Telegram bot API used by developers. Bots' deep integration into the app make them a popular pawn in attack strategies. While researching one such malware scheme, Forcepoint accidentally discovered that Telegram chats that include bots have reduced security.

The researchers probed a sample of remote management malware dubbed GoodSender and identified the mechanism within the code that awaited commands from a Telegram bot. The malware included two pieces of Telegram identification and authentication information—called the bot API token and Chat ID—that are used to direct bots' queries to the right chats. Armed with these details, the researchers realized that they could craft API requests that would essentially replay all the communications between the malware author and his bot. Because the hacker made the mistake of doing all of his testing and deployment in one bot setup (instead of covering his tracks by using multiple accounts), the researchers were able to study how he had set up, tested, and eventually started deploying the malware.

While the Forcepoint researchers used the Telegram API to snoop on the hacker's bot communications as part of well-meaning defense analysis, they emphasize that someone else could use the same technique for ill and look back at a whole conversation a bot is present in. And even someone who doesn't have a chat's bot API token and Chat ID from a malware sample could still potentially extract them in other ways. Both pieces of information are embedded in every Telegram communication, so bots can know which data or service to send to which chat.