The popular messaging app Telegram can leak your IP address if you simply add a hacker to your contacts and accept a phone call from them.
Denis Simonov, a security researcher who is also known as n0a, recently highlighted the issue and wrote a simple tool to exploit it. TechCrunch verified the researcher’s findings by adding Simonov to the contacts of a newly created Telegram account. Simonov then called the account, and shortly after provided TechCrunch with the IP address of the computer where the experiment was being carried out.
Telegram boasts 700 million users all around the world, and has always marketed itself as a “secure” and “private” messaging app, although experts have repeatedly warned that Telegram is not as secure as end-to-end encrypted app Signal, for example.
Do you know of similar issues in chat apps? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase, and Wire @lorenzofb, or email [email protected]. You can also contact TechCrunch via SecureDrop.
The fact that Telegram leaks your IP address to people in your contacts during a voice call has been known for years, but it’s likely that new, less technical users may not be aware.
Simonov, who founded the cybersecurity firm T.Hunter, told TechCrunch: “Telegram focuses on safety and privacy; nevertheless, in order to stay secure you want to pay attention to the nuances of how the messenger’s voice calls work.”
“An unprepared individual can simply reveal his IP address to his interlocutor if he doesn’t learn about them,” Simonov said.
The reason Telegram leaks a user’s IP address during a call is that, by default, Telegram uses a peer-to-peer connection between callers “for higher quality and decreased latency,” Telegram spokesperson Remi Vaughn told TechCrunch.
“The downside of this is that it necessitates that each side know the IP address of the other (since it’s a direct connection). Unlike on other messengers, calls from those that aren’t in your contact list might be routed by Telegram’s servers to obscure that,” Vaughn said.
To avoid leaking your IP address, you have to go to Telegram’s Settings > Privacy and Security > Calls, and then select “Never” in the Peer-to-Peer menu.
Other messaging and calling apps have been found to leak IP addresses as well. In 2017, a researcher found that WhatsApp was leaking metadata in a way that could allow hackers to find a user’s IP address. In August, 404 Media reported that hackers could reveal the IP address of someone on Skype with no interaction.
Microsoft at the time said it would fix the vulnerability. Telegram, however, clearly thinks this is just how the app should work.