Skip to content Skip to sidebar Skip to footer

Telegram Leaked Ip Addresses Of Its Desktop App Users !!

Telegram leaked IP addresses of its desktop app users !!

The vulnerability affected Telegram’s desktop app for Windows, Mac, together with Linux OS.
elegram is reputed to live on i of the close secure messaging platforms out there
Telegram, a pop privacy-focused minute messaging application, reportedly contained a põrnikas that tin plough over notice leak the IP addresses of users. Known for providing end-to-end encryption, Telegram’s desktop app has been discovered to live on leaking non merely world but somebody IP addresses of its users by-default during vocalization calls together with users cannot plough off the feature.

This refers that, anyone together with everyone attempting to brand a vocalization telephone think volition live on vulnerable to cyber-attacks. Telegram has, however, fixed the põrnikas inward i of the latest updates together with the safety researcher who identified the põrnikas has been awarded EUR 2,000 yesteryear the company.

Bug was identified yesteryear safety researcher Dhiraj Mishra. According to Mishra, the desktop version of the Telegram app was leaking IP addresses during vocalization calls made via a peer-to-peer framework. Smartphone users tin plough over notice plough off P2P calls yesteryear modifying the settings: Settings > Privacy together with safety > Calls > Peer-To-Peer but desktop users of Telegram aren’t offered this option.

Telegram offers 2 unique features namely Secret Chat together with Nobody. Through Secret Chat, users tin plough over notice enable end-to-end encrypted calls/chats piece amongst Nobody choice users tin plough over notice forestall their IP addresses from beingness exposed during vocalization calls. When someone enabled Nobody option, the vocalization calls are routed through Telegram’s servers. Mishra identified that Nobody choice isn’t available for desktop users, which way the place of every desktop app user volition live on vulnerable to exposure together with all an aggressor needs to produce to obtain someone’s IP address is to brand a call. As before long every bit the telephone think is picked, the IP address gets revealed.

Telegram Fixes the Flaw
The safety proficient reported the vulnerability to Telegram via a Proof of Concept (PoC) video together with the fellowship before long patched it yesteryear rolling out an update which introduced the choice to disable the P2P settings. As a vantage for finding the flaw, Mishra was awarded €2,000 every bit a põrnikas bounty.

Telegram boasts of a worldwide fan next amongst a whopping 200 i M k active users every bit of March 2018 together with it is touted to live on an ultra-secure messaging app that lets users brand secure vocalization calls over the internet. But the uncovering of a vulnerability inward the close hyped characteristic of the app inward its official desktop version does enhance concerns. Classified every bit CVE-2018-17780, the vulnerability affected Telegram’s desktop app for Windows, Mac, together with Linux OS.