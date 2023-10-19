In a recent discovery, security researcher Denis Simonov, also known as n0a, has uncovered a vulnerability in the popular messaging app Telegram that can lead to the leakage of user IP addresses to their contacts. This issue arises when a user adds a hacker to their contacts and accepts a phone call from them.

The revelation of this vulnerability emphasizes the importance of user awareness and proactive measures to protect privacy and security. As a precaution, users should disable peer-to-peer connections in their Telegram settings to prevent potential IP address leakage.

The leakage of IP addresses poses a significant risk to users’ privacy and security, as it provides hackers with sensitive information that can be exploited for malicious purposes. Despite Telegram’s claims of being a secure and private messaging app, experts have repeatedly pointed out that it falls short in comparison to end-to-end encrypted apps like Signal.

One key factor contributing to the lack of user awareness regarding IP address leakage on Telegram is the misunderstanding surrounding this vulnerability. While this issue has been known among the tech-savvy community for years, many new and less technical users remain unaware of this vulnerability.

Denis Simonov, working for the cybersecurity firm T.Hunter, highlights the importance of user awareness in protecting their IP address. He states, “Telegram focuses on security and privacy; however, in order to stay safe, you need to be aware of the nuances of how the messenger’s voice calls work.”

The reason behind Telegram’s IP address leakage is its default use of peer-to-peer connections during voice calls. This approach aims to improve call quality and reduce latency, but it requires both parties to know each other’s IP addresses, as the connection is direct. In contrast, calls from non-contacts are routed through Telegram’s servers to obscure the IP addresses. To prevent IP address leakage, users can change their settings to disable peer-to-peer connections.

It’s worth noting that other messaging and calling apps have also been found to leak IP addresses. WhatsApp, for example, had a vulnerability in 2017 that exposed users’ IP addresses through metadata. Similarly, hackers could obtain a Skype user’s IP address without any interaction. While Microsoft quickly addressed the vulnerability in Skype, Telegram has yet to take similar action, indicating that they consider this behavior to be a normal function of the app.

Overall, the discovery of the IP address leakage vulnerability in Telegram serves as a reminder for users to remain vigilant in protecting their privacy and security. Disabling peer-to-peer connections and staying informed about the intricacies of messaging app features can help mitigate potential risks.

Definitions:

– IP address: An Internet Protocol address is a numerical label assigned to each device connected to a computer network.

– Peer-to-peer: A decentralized model of network communication where all devices have equal capabilities and can act both as a client and a server.

– End-to-end encryption: A system of secure communication where messages are encrypted on the sender’s device and can only be decrypted the intended recipient’s device.

Sources:

– Denis Simonov (n0a)

– Telegram spokesperson Remi Vaughn

– T.Hunter

– 404 Media