In a recent discovery by security researcher Denis Simonov, also known as n0a, it has been revealed that the popular messaging app Telegram has a vulnerability that can leak user IP addresses to their contacts. This issue occurs when a user adds a hacker to their contacts and accepts a phone call from them.
Key Takeaway
Telegram’s recent revelation of leaking user IP addresses to their contacts during voice calls highlights the importance of user awareness and proactive measures to protect privacy and security. Users should disable peer-to-peer connections in their Telegram settings to prevent potential IP address leakage.
The Risk of IP Address Leakage
This vulnerability poses a significant risk to users’ privacy and security. By simply accepting a phone call, users unknowingly provide the hacker with their IP address, which can be exploited for various malicious purposes.
Despite Telegram’s claims of being a secure and private messaging app, experts have repeatedly warned that it falls short in comparison to end-to-end encrypted apps like Signal.
Misunderstanding and Lack of Awareness
While the fact that Telegram leaks IP addresses during voice calls has been known for years among the tech-savvy community, many new and less technical users remain unaware of this vulnerability.
Simonov, working for the cybersecurity firm T.Hunter, emphasizes the importance of user awareness when it comes to protecting their IP address: “Telegram focuses on security and privacy, however, in order to stay safe you need to be aware of the nuances of how the messenger’s voice calls work.”
Reason Behind the IP Address Leakage
The reason behind Telegram’s IP address leakage is its default use of peer-to-peer connections during voice calls. This approach aims to enhance call quality and reduce latency. However, it requires both parties to know each other’s IP addresses, as the connection is direct.
In contrast, calls from non-contacts are routed through Telegram’s servers to obscure the IP addresses, as explained by Telegram spokesperson Remi Vaughn. To prevent IP address leakage, users can change their settings to disable peer-to-peer connections.
Similar Issues in Other Messaging Apps
It’s worth noting that other messaging and calling apps have also been found to leak IP addresses. In 2017, a researcher discovered that WhatsApp had a vulnerability that exposed users’ IP addresses through metadata. Similarly, a report from 404 Media revealed that hackers could obtain a Skype user’s IP address without any interaction.
While Microsoft swiftly addressed the vulnerability in Skype, Telegram has yet to take similar action, indicating that they consider this behavior to be a normal function of the app.