#HowTo Build a Telegram Security Plan

When you mention Telegram, the first thing that comes to mind for a lot of people is “a very secure messaging platform.” Unfortunately, while Telegram is certainly secure compared to other market alternatives, it is very important not to simply take Telegram’s claim of being very secure at face value.

Just recently, Infosecurity reported on a glitch that resulted in 42 million Telegram records being leaked; sensitive user information including user account IDs, phone numbers, names, and hashes was exposed. While the recent Telegram issue was due to a glitch associated with a third-party version of the messaging service, there have been quite a number of these security issues that warrant having a Telegram security plan if you use the platform for sensitive communication.

For example, Reuters once reported a breach in which Iranian hackers compromised more than a dozen Telegram accounts and identified the phone numbers of 15 million Telegram users.

These, and other security issues Telegram has faced, put communications by activists, journalists, and others who rely on the service for sensitive communication at risk. It also shows that there is a need for extra security measures when using the Telegram messaging platform. Here are five ways to protect yourself:

1. Do NOT Simply Rely on SMS Verification for Security

One of the major security mistakes you can make when using Telegram is simply relying on their SMS verification feature to protect your account.

By default, Telegram does not require a password to access your account; you only need an SMS code sent to your mobile phone. Now, depending on what part of the world you’re based in, this can pose a serious problem.

There have been several instances in which Telegram accounts have been compromised by third parties who coordinated with, or took advantage of, the mobile service providers of the account users, and there’s a serious possibility of this happening in undemocratic regions where governments can force service providers to play ball. Even in democratic regions, hackers can use social engineering or other means to take over your SIM card, intercept your messages, and then access your Telegram account.

You can prevent this by enabling 2-Step Verification in Telegram, which will require you to provide a password in addition to the default SMS code option before you can access your Telegram account. You should also set up a recovery email to make sure you're safe should you forget your password.

2. Enable a Passcode to Make Your Chats Private

You can also protect your Telegram account by enabling a passcode to ensure your messages are private; once set up, this locks your chats and requires a passcode to access them. Your passcode lock can be manual or automatic; if automatic, your chats are automatically locked after a set period.

With the passcode lock in place, even if a hacker is able to compromise your details and successfully log in to your Telegram account, they need the passcode to read your messages. Reinstalling the app without the passcode will result in all your communications being automatically deleted.

3. Use a VPN

While Telegram is blocked in countries like Russia, Iran, Pakistan, China, and Indonesia, it might be a good idea to use a VPN to ensure added security when using the service for sensitive communication even in countries where it is not blocked.

While the secure messaging platform was actively used during the Hong Kong protests last year, there were reports about a bug that allowed third parties to detect the identities of people using the messaging platform. There have also been reports of Hong Kong police arresting the administrators of Telegram groups during the protest that rocked the country last year.

There are several Telegram VPN options you can take advantage of to ensure your usage of the service is completely anonymous -- especially if you’re using the service in a region where it is banned.

4. Enable Secret Chat

Many people wrongly assume that Telegram uses end-to-end encryption by default. This is far from being true. While Telegram indeed has an end-to-end encryption option, this isn’t what most people using the platform are set up to use; you need to manually enable the Secret Chat feature to ensure your communications are end-to-end encrypted. This gives you added security by ensuring your messages are fully encrypted, not stored on Telegram’s servers, and cannot be forwarded.

5. Disable Automatic Media Download

While many of the above settings should protect you should a third party lay hands on your device, they are unfortunately not much help as far as your Telegram media is concerned: this is because, depending on several factors, Telegram is probably automatically downloading media to your device.

If you use Telegram for sensitive communication, then media sent via the app is likely to be of a sensitive nature. It is important to disable automatic media download to ensure media files aren’t automatically saved to your gallery and potentially accessed should your device fall into the wrong hands.
