After Facebook, Popular Messaging App Telegram Has Also Been Leaking Data Of Its 20 Crore Users
If there's anything social media platforms are currently struggling with, it's the fake news problem. Another is keeping users' data safe.
And it seems Facebook isn't the only app leaking data like a sieve, as Telegram is the latest to join the undesirable club.
Telegram is a cloud-based instant messaging and VoIP service. Based in the UK, it's pretty much the same as WhatsApp, and is also fairly successful with over 200 million active users. Unfortunately, the company just had to pay a Rs 1.7 lakh bug bounty to a researcher who discovered a major flaw in its app, which exposed users' IP addresses.
A security researcher named Dhiraj Mishra reported the vulnerability, which is specific to Telegram's Windows and web versions of the client. The thing is, Telegram's default settings allow some users to make peer-to-peer calls. When that's done, log files for the app on the caller's machine show the IP address of the person being called.
In Telegram's iOS and Android versions, you can turn off the logging by disabling the P2P option in the app's privacy settings, thereby hiding your IP address. This will force all VoIP calls to you to go through Telegram's server, which redacts both the caller's and receiver's IPs.
On the web and Windows versions of Telegram, however, this option was unavailable. That means people taking calls on Telegram on their laptop had their IP address broadcast to whoever was on the other end. Not only is that bad security practice, it's even worse when you consider Telegram is marketed as a "secure" messaging app.
Since Mishra reported the flaw, it has been patched in a subsequent update, which is why he can come forward to the public about it now. So those of you running the affected versions of Telegram need to update immediately, and then disable P2P calling.