Security researcher Dhiraj Mishra found that Telegram’s desktop app was leaking public and private IP addresses during voice calls, reports Engadget. The messaging app, which is known for its adherence to privacy and security norms, was leaking the data via its peer–to–peer calling framework. Telegram has fixed the bug with an update to its app; it gives users the option to disable the peer-to-peer calling entirely or limit it to only contacts.
On the mobile app, the setting can be changed and peer-to-peer calling can be turned off. However, on the desktop app only P2P calls are available. When users initiated calls, the IP addresses of the end users were being leaked by Telegram. Telegram was leaking very sensitive information of unsuspecting individuals.
Peer-to-peer calls are made directly between two people, instead of being routed over a central server. It is used to improve the quality of audio and video signal on-call, as the connection does not travel as farther as it would when routed through a central server. Telegram forced users to make voice calls only using a P2P connection.
Recent Telegram developments
- Telegram hit 200 million MAUs earlier this year, founder Pavel Durov said Telegram had not disclosed a single byte of users’ private data to third parties since it began in 2013.
- In July, Telegram introduced Telegram Passport — a unified authorisation service. The service provides cloud storage where one can upload their identification documents and then share them with any platform or service that require a real-world ID.
- The same month, the Union Government sought inputs from telecom operators and ISPs with Gateways, on how to block mobile aps Instagram/Facebook/WhatsApp/Telegram.
I cover health, policy issues such as intermediary liability, data governance, internet shutdowns, and more. Hit me up for tips.
