Over the weekend, a clip from a recent interview with Telegram founder Pavel Durov went semi-viral on X (formerly Twitter). In the video, Durov tells right-wing personality Tucker Carlson that he is the only product manager at the company and employs “about 30 engineers.”
While Durov touted his Dubai-based company’s “super efficiency,” security experts see his comments as a significant red flag for users.
“Without end-to-end encryption, huge numbers of vulnerable targets, and servers located in the UAE? Seems like that would be a security nightmare,” Matthew Green, a cryptography expert at Johns Hopkins University, told TechCrunch.
Green’s concerns stem from the fact that Telegram’s chats are not end-to-end encrypted by default, unlike Signal or WhatsApp. Users must initiate a “Secret Chat” to enable end-to-end encryption, which makes messages unreadable to anyone other than the intended recipient. Additionally, Telegram uses its own proprietary encryption algorithm, designed by Durov’s brother, which has faced skepticism over its robustness.
Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, emphasized that Telegram’s scope goes beyond a typical messaging app, making it even more susceptible to security issues.
“What makes Telegram different (and much worse!) is that Telegram is not just a messaging app, it is also a social media platform,” Galperin told TechCrunch. “As a social media platform, it is sitting on an enormous amount of user data, including the contents of all non-end-to-end encrypted communications.”
Galperin added that having “only 30 engineers” means insufficient resources to handle legal requests, abuse, and content moderation issues. She also questioned the quality of those engineers, suggesting that the small team size could be enticing for threat actors.
In summary, experts argue that Telegram’s limited staff makes it ill-equipped to combat hackers, particularly those backed by governments. Telegram did not respond to requests for comment on its security infrastructure, including whether it has a chief security officer or how many engineers focus on platform security.
Last week, the cybersecurity expert SwiftOnSecurity highlighted on X the immense cost and resources required to maintain robust cybersecurity measures, noting that even large companies struggle with this.
Telegram has nearly one billion users, yet its limited cybersecurity workforce raises significant concerns, especially given its popularity among crypto users, extremists, hackers, and disinformation spreaders. That popularity makes it a highly attractive target for both criminal and government hackers.
For years, security experts have advised against considering Telegram as a truly secure messaging app. Durov’s recent revelations may indicate that the platform’s security is even more compromised than previously thought.
Source: TechCrunch