Connect with us

Internet

Telegram Desktop App Found to Be Leaking IP Addresses When Initiating Calls, Company Fixes Bug

Published

2 years ago

on


Instant messaging app Telegram, known for its end-to-end encryption features, was found to contain a bug that would leak users’ IP addresses. A security researcher discovered that the Telegram desktop app was leaking public and private IP addresses of users during voice calls. Additionally, users did not have an option to turn off the feature that could potentially leave them vulnerable to cyber-attacks. However, Telegram has reportedly fixed the bug in its latest updates. Notably, the company’s security team has awarded the researcher EUR 2,000 (roughly Rs. 1,68,900) for reporting the bug in the app.

Security researcher Dhiraj Mishra reported the Telegram bug, which he says was causing the desktop app to be leaking both public and private IP addresses during voice calls to be made over a P2P (peer-to-peer) framework. While smartphone users have the option of turning off P2P calls by changing the settings to other options by going to Settings > Privacy and security > Calls > Peer-To-Peer, there was no such option available for Telegram users on the desktop.

Photo Credit: Dhiraj Mishra/ InputZero

The voice calling feature in Telegram works by establishing a direct P2P connection between the users, thereby exchanging data packets between the two directly. Such a connection is said to directly expose the IP addresses of the users. As mentioned, Telegram app users on mobile can choose to prevent their IP addresses from being revealed by changing the settings to Nobody. According to Mishra, this option was absent on Telegram’s desktop client. This could result in all calls initiated from the desktop version potentially leaking the users’ IP addresses.

Notably, the company has now fixed the issue in the 1.3.17 beta and 1.4 versions of Telegram by adding the Nobody option in its desktop client settings. The IP address leak has received the CVE-2018-17780 vulnerability identifier and as mentioned, the company has rewarded a bounty to Mishra for his bug report. Users can now go to Settings > Privacy and security > Calls > Peer-To-Peer and set the option to Nobody.

<!–

–>

Source link



Source link

Related Topics:
Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Internet

Firefox Proton will give the browser another facelift

Published

3 hours ago

on

January 26, 2021

By

It’s hard to argue that Google Chrome is probably the most-used web browser in the market, especially if you add browsers based on the same Chromium foundations. What may be harder to determine is which is Number Two. There was a time when Mozilla Firefox was perhaps neck to neck with Chrome but those days are long gone. Mozilla has … Continue reading

Continue Reading

Internet

Xiaomi Mi Band 6 could almost be an Alexa smartwatch

Published

4 hours ago

on

January 26, 2021

By

Although smartwatches are a dime a dozen these days, some still prefer smart bands not just for their simplicity but also for their discreetness. That’s not to say that these fitness-centric devices are less featured than their smartwatch cousins, especially this upcoming product from Xiaomi. According to the latest leak, the company’s next Mi Band will be chock-full of features … Continue reading

Continue Reading

Internet

Amazon Alexa will proactively take action on Hunches

Published

5 hours ago

on

January 26, 2021

By

In the earlier days of smart assistants, they seemed only smart because of how they seemed to know things or do things like magic. Of course, they still needed to scour the net or wirelessly flick a switch, and most of the time you still had to actually tell them to do those. These days, the likes of Amazon Alexa … Continue reading

Continue Reading

Trending