Telegram is a popular instant messaging service, a self-described fast and secure solution. It introduces its own home-made cryptographic protocol, MTProto, instead of using already known solutions, which was criticised by a significant part of the cryptographic community.
In this talk we will briefly introduce the protocol to provide context to the reader and then present two major findings we discovered as part of our security analysis performed in late 2016. First, the undocumented obfuscation method Telegram uses, and second, a replay attack vulnerability we discovered. The analysis was mainly focused on the MTProto protocol and Telegram's official client for Android.