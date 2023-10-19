A recent discovery security researcher Denis Simonov, also known as n0a, reveals that the popular messaging app Telegram can leak the IP address of its users if they add a hacker to their contact list and accept a phone call from them. Simonov created a tool to exploit this vulnerability and provided TechCrunch with the IP address of a computer during an experiment. Telegram, which boasts 700 million users worldwide, has marketed itself as a secure and private messaging app, but experts have repeatedly warned that it is not as secure as apps like Signal that offer end-to-end encryption.

This leakage of IP addresses during calls has been known for years, but less technical users may not be aware of it. Simonov, the founder of the cybersecurity firm T.Hunter, emphasized the importance of understanding how the voice calls in Telegram work to stay safe. To prevent IP address leakage, users must change the default setting in the app’s Privacy and Security section to ensure calls are not made through a peer-to-peer connection.

Telegram spokesperson Remi Vaughn explained that the use of peer-to-peer connections is for better call quality and lower latency. However, this necessitates that both parties have access to each other’s IP addresses. To conceal this information for calls made to individuals not in a user’s contact list, Telegram’s servers route the calls instead. While other messaging and calling apps, such as WhatsApp and Skype, have also been found to leak IP addresses, Telegram appears to consider this behavior as part of the app’s design.

