A recent interview clip featuring Telegram’s founder, Pavel Durov, has sparked a wave of concern among cybersecurity experts.
The video, which went viral on X (formerly Twitter), showed Durov in conversation with right-wing commentator Tucker Carlson, boasting about his company’s streamlined operations.
Durov revealed that he is the sole product manager at Telegram, overseeing a team of “about 30 engineers.”
While Durov touted his Dubai-based company’s efficiency, security experts see his comments as a warning sign for the platform’s users.
Matthew Green, a cryptography expert at Johns Hopkins University, expressed serious concerns.
“Without end-to-end encryption, huge numbers of vulnerable targets, and servers located in the UAE? Seems like that would be a security nightmare.”
Matthew Green
His comments point to a critical issue: by default, Telegram’s chats are not end-to-end encrypted, unlike those on Signal or WhatsApp.
Users must initiate a “Secret Chat” to enable this level of security, ensuring that only the sender and recipient can read the messages.
However, the effectiveness of Telegram’s proprietary encryption, designed by Durov’s brother, has been questioned over the years.
Eva Galperin, cybersecurity director at the Electronic Frontier Foundation, emphasized that Telegram’s dual role as a messaging app and social media platform compounds its security challenges.
“What makes Telegram different (and much worse!) is that Telegram is not just a messaging app, it is also a social media platform. As a social media platform, it is sitting on an enormous amount of user data.”
Eva Galperin
She highlighted that most communications on Telegram are not end-to-end encrypted, exposing vast amounts of user data.
Experts Raise Security Concerns
Galperin also raised concerns about Telegram’s capacity to manage security threats and legal challenges with such a small team.
“Thirty engineers means that there is no one to fight legal requests, there is no infrastructure for dealing with abuse and content moderation issues,” she noted.
Furthermore, she questioned the quality of these engineers, suggesting that a minimal, potentially overstretched team could be an enticing target for cyber attackers.
“If I was a threat actor, I would definitely consider this to be encouraging news,” Galperin added.
The interview underscored doubts about Telegram’s ability to fend off sophisticated attacks, especially those backed by governments.
Telegram’s reluctance to comment on its security practices, including whether it has a chief security officer or how many engineers focus on security, only fuels these concerns.
Echoing these sentiments, the cybersecurity expert known as SwiftOnSecurity commented on X.
“The cost to run a company that has all the right cyber security tools and staff is absolutely obscene.”
SwiftOnSecurity emphasized that even the largest companies often fall short in their cybersecurity investments, highlighting the daunting challenge smaller teams like Telegram face.
Telegram, which reportedly boasts nearly one billion users according to Durov, is a prime target for hackers due to its popularity among cryptocurrency enthusiasts, extremists, and disinformation peddlers.
The platform’s massive user base and the sensitive nature of the communications it hosts make it a lucrative target for both criminal and state-sponsored hackers.
For years, security experts have cautioned against viewing Telegram as a truly secure messaging app.
Durov’s recent revelations seem to confirm and even amplify these warnings. As users navigate the digital space, the interview serves as a stark reminder of the importance of understanding the security measures — or lack thereof — behind the platforms they use.
In light of these revelations, users are advised to critically assess their reliance on Telegram for secure communications and consider alternative platforms with more robust security practices.
READ ALSO: Multi-Dimensional Poverty Index Report Indicts Government’s Policies
