Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Privacy Social Networks

Telegram is Still Leaking User IP Addresses To Contacts (techcrunch.com) 18

Posted by msmash from the PSA dept.
The popular messaging app Telegram can leak your IP address if you simply add a hacker to your contacts and accept a phone call from them. From a report: Denis Simonov, a security researcher, who is also known as n0a, recently highlighted the issue and wrote a simple tool to exploit it. TechCrunch verified the researcher's findings by adding Simonov to the contacts of a newly created Telegram account. Simonov then called the account, and shortly after provided TechCrunch with the IP address of the computer where the experiment was being carried out.

Telegram boasts 700 million users all over the world, and has always marketed itself as a "secure" and "private" messaging app, even though experts have repeatedly warned that Telegram is not as secure as end-to-end encrypted app Signal, for example. The fact that Telegram leaks your IP address to people in your contacts during a voice call has been known for years, but it's likely that new, less technical users may not be aware.
This discussion has been archived. No new comments can be posted.

Telegram is Still Leaking User IP Addresses To Contacts More

Telegram is Still Leaking User IP Addresses To Contacts

Comments Filter:

  • Telegram is NOT Signal (Score:5, Informative)

    by Midnight_Falcon ( 2432802 ) on Friday October 20, 2023 @11:50AM (#63939725)
    And still people don't get the message. It's not even "end to end encrypted" in most cases, it's just "encrypted" with a good ol' TLS session (aka HTTPS) between their server and you, meaning their server can see group messages and anything that's not their "secret chat." Even in the case of secret chat, the parameters and methods of encryption are closed-source, so it can't be verified there isn't some backdoor making it easy for either Telegram or some government to decrypt.
    • Comment removed based on user account deletion
      • Knowing the IP is def a problem in numerous cases, but not everyday use with known contects. For example if a hacker wanted to doxx someone, they could use this to social engineer their home IP. Then they can go and correlate with data from brokers, mobile apps, breaches etc to find the person's real name and address. If the person has a poorly configured home setup such as open ports for IoT devices like cameras that opens up a new attack vector as well.

        • Re: (Score:2)

          by lsllll ( 830002 )
          If you don't use a middle-man server or proxy, then I don't see how you'd be able to keep the IP address secret. A TCP/IP is a TCP/IP packet, no way getting around it.
        • Comment removed based on user account deletion

        • Re: (Score:2)

          by Bert64 ( 520050 )

          It only does it by default for your contacts, who tend to be people you know and trust.
          Being able to connect directly is hugely beneficial - lower latency, lower cost for the service operator, better privacy etc. These days are lot of users are stuck behind NAT and the direct connection doesn't work anyway.

  • Whatâ(TM)s the big deal? This is normal for apps, even encrypted messengers like Signal. You can force Signal to relay all calls through their servers but it degrades quality and it off by default.

Slashdot Top Deals

Space is to place as eternity is to time. -- Joseph Joubert

Close