
Security Vulnerability: Replay Attack Against Telethon

Open · theova opened this issue 2 years ago • 1 comment

We are a team of cryptographers and have, inspired by a recent publication on the security of Telegram, performed a security analysis of the implementation of the MTProto 2.0 protocol in various third-party Telegram clients.

In the process, we also found a vulnerability in Telethon:

When receiving a message, the client needs to check that it has not processed the message before. Telethon misses these checks. As a consequence, an attacker can record an encrypted message from the server to the client and replay it at a later point in time. Both messages will appear valid to the victim.

We are able to demonstrate this attack in a real-world setting. However, no Telethon users were impacted by our analysis.

We described the vulnerability to Telethon's maintainer on the 24th of November 2021 (see https://github.com/LonamiWebs/Telethon/issues/3236) and proposed to follow the usual industry practice of a 90-day disclosure period.

To this date, we have neither received an answer nor is the vulnerability fixed.

We hope that the disclosure increases awareness of Telethon's security and leads to a quick fix. We are happy to answer any questions and offer our help regarding this issue.

Kind regards

theova · Mar 01 '22 12:03
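The missing check described in the report, shown as an added example that is not Telethon's code and not the MTProto specification: a receiver that keeps no memory of processed message identifiers accepts a recorded server message a second time, while one that keeps a bounded window of seen msg_ids (plus a clock-skew bound, so that identifiers too old to still be in the window are refused outright) rejects the replay. The message layout, the window size of 1000 and the 300 s / 30 s skew bounds are assumptions chosen for illustration.

```python
"""Replay detection for decrypted MTProto-style messages.

Added example, not Telethon's implementation. It models only the check the issue
says was missing: remembering which msg_ids have already been processed so that a
recorded server message cannot be delivered twice.
"""
from collections import OrderedDict
from dataclasses import dataclass


def make_msg_id(unix_time: float, low_bits: int = 1) -> int:
    """Build a message id whose upper 32 bits carry the sending time.

    MTProto msg_ids are time based in this way; the low-order bits here are an
    arbitrary value for the constructed samples below.
    """
    return (int(unix_time) << 32) | low_bits


@dataclass(frozen=True)
class DecryptedMessage:
    """A message after authentication and decryption (constructed shape)."""
    msg_id: int
    seqno: int
    body: bytes


class NoReplayCheck:
    """Behaviour the report describes: every authenticated message is accepted."""

    def accept(self, msg: DecryptedMessage, now: float) -> bool:
        return True


class ReplayCheck:
    """Reject a msg_id that was already processed inside a bounded time window.

    Assumed parameters: up to 1000 remembered ids, and ids dated more than 300 s
    in the past or 30 s in the future are refused regardless of the set.
    """

    def __init__(self, window_size: int = 1000,
                 past_seconds: int = 300, future_seconds: int = 30) -> None:
        # msg_id -> time first seen; insertion order gives cheap eviction.
        self._seen: "OrderedDict[int, float]" = OrderedDict()
        self.window_size = window_size
        self.past_seconds = past_seconds
        self.future_seconds = future_seconds

    def accept(self, msg: DecryptedMessage, now: float) -> bool:
        msg_time = msg.msg_id >> 32
        # An id older than the window could have aged out of the seen-set, so a
        # replay of it would be undetectable; refuse such ids outright.
        if msg_time < now - self.past_seconds:
            return False
        if msg_time > now + self.future_seconds:
            return False
        if msg.msg_id in self._seen:
            return False  # replayed message: same id already processed
        self._seen[msg.msg_id] = now
        while len(self._seen) > self.window_size:
            self._seen.popitem(last=False)  # evict the oldest remembered id
        return True


def run_replay(checker, now: float):
    """Deliver one constructed server message, then replay it 5 s later.

    Returns (accepted_first_time, accepted_when_replayed).
    """
    original = DecryptedMessage(make_msg_id(now, 1), 7, b"constructed sample payload")
    first = checker.accept(original, now)
    replayed = checker.accept(original, now + 5)
    return first, replayed


if __name__ == "__main__":
    now = 1_700_000_000
    print("no check   :", run_replay(NoReplayCheck(), now))  # replay accepted
    print("with check :", run_replay(ReplayCheck(), now))    # replay rejected
```

The time bound and the seen-set have to agree: the set must be large enough to hold every id that can arrive within `past_seconds`, otherwise an id evicted early but still inside the time window would be accepted again on replay.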

Not closing since this still needs to be fixed in v2. This commit may also have new issues that were previously not discovered because the checks were not there (i.e. the library may fail in some new cases which would need to be looked at).

Lonami · May 18 '22 10:05

Closing since v2 is still probably very, very far away, and the commit above has been live for a long time now, so it seems fine. Some people do report that the commit above has been firing, but not to an extent to which the implementation itself seems bugged.

In any case the problem described in the original post is, I believe, fixed (and has been for months now, in released versions), so I'm closing this.

Lonami · Jan 14 '23 12:01