The popular messaging app Telegram can leak your IP address if you simply add a hacker to your contacts and accept a phone call from them.

Denis Simonov, a security researcher, who is also known as n0a, recently highlighted the issue and wrote a simple tool to exploit it. Researcher’s findings was verified by adding Simonov to the contacts of a newly created Telegram account.

Simonov then called the account, and shortly after the IP address of the computer where the experiment was being carried out was provided.

Telegram boasts 700 million users all over the world, and has always marketed itself as a “secure” and “private” messaging app, even though experts have repeatedly warned that Telegram is not as secure as end-to-end encrypted app Signal, for example.

The fact that Telegram leaks your IP address to people in your contacts during a voice call has been known for years, but it’s likely that new, less technical users may not be aware.

Simonov, who works for the cybersecurity firm T.Hunter, Said: “Telegram focuses on security and privacy, however, in order to stay safe you need to be aware of the nuances of how the messenger’s voice calls work.”

“An unprepared person can easily reveal his IP address to his interlocutor if he does not know about them,” Simonov said.

The reason Telegram leaks a user’s IP addresses during a call is that, by default, Telegram uses a peer-to-peer connection between callers “for better quality and reduced latency,” Telegram spokesperson Remi Vaughn said.

“The downside of this is that it necessitates that both sides know the IP address of the other (since it is a direct connection). Unlike on other messengers, calls from those who are not your contact list will be routed through Telegram’s servers to obscure that,” Vaughn said.

To avoid leaking your IP address, you have to go to Telegram’s Settings > Privacy and Security > Calls, and then select “Never” in the Peer-to-Peer menu, as shown below.

Other messaging and calling apps have been found to leak IP addresses as well. In 2017, a researcher found that WhatsApp was leaking metadata in a way that could allow hackers to find a user’s IP address.

In August, 404 Media reported that hackers could reveal the IP address of someone on Skype with no interaction.

Microsoft at the time said it would fix the vulnerability. Telegram, on the other hand, clearly thinks this is just how the app should work.

Leave a Reply

Your email address will not be published. Required fields are marked *

WP Twitter Auto Publish Powered By : XYZScripts.com