Telegram Exposing User IP addresses to Contacts
In the world of secure messaging apps, Telegram has always been the one that touts its "secure" and "private" features. With a user base of 700 million worldwide, it's a favorite among those who value their digital privacy. But, as it turns out, not everything is as secure as it seems.
Denis Simonov, a security researcher known as n0a, recently uncovered a glaring issue with the messaging giant – it can leak your IP address with a simple move: adding a hacker to your contacts and accepting a phone call. Sounds like the plot of a cyber-thriller, right?
Simonov's discovery isn't just theoretical; he even built a tool to exploit this vulnerability. To confirm the issue, TechCrunch added Simonov to the contacts of a freshly created Telegram account. What followed was a wake-up call - Simonov called the account and promptly handed over the IP address of the computer running the experiment.
But wait, how is this even possible? Telegram, like other popular messaging apps, uses a peer-to-peer connection for voice calls, promising better quality and lower latency. The catch? It necessitates that both callers know each other's IP addresses, as it's a direct connection. In contrast, other apps route calls through their servers to keep IP addresses hidden.
The issue isn't new, but it seems to have flown under the radar, especially for less tech-savvy users. "An unprepared person can easily reveal his IP address to his interlocutor if he does not know about them," Simonov explained.
To protect your IP address, you'll need to tweak your Telegram settings. Head over to Settings > Privacy and Security > Calls, and then select "Never" in the Peer-to-Peer menu. Problem solved!
Now, it's worth noting that Telegram isn't the only app with this problem. In 2017, WhatsApp was found to leak metadata that could lead hackers to a user's IP address. Even Skype had a similar vulnerability, which Microsoft pledged to fix.
So, the next time you make that call on Telegram, remember to adjust your settings – because in the world of cybersecurity, there's always more than meets the eye. Stay secure, stay informed!