Telegram Fixes Desktop App Flaw That Leaked IP Addresses in Calls

Telegram is reputed to be one of the most secure messaging platforms out there, merely a security researcher recently discovered a vulnerability in Telegram's desktop client which leaked the IP address of users while making calls.

Dhiraj Mishra, the security good who uncovered the flaw, spotted that the Telegram Messenger for Windows and Telegram for Desktop did non offer the tool to disable Peer-to-Peer (P2P) calls, which means the IP accost of users would be left exposed whenever they make calls.

What is Peer-to-Peer Calling?

Image Courtesy: InputZero.io

The Telegram app offers a characteristic called peer-to-peer calling which can be enabled or disabled by users. When the P2P feature is disabled, all calls made by users are routed through Telegram's servers to hide the IP address, however, disabling the feature leads to a depreciation in the audio quality during the call.

What Was The Flaw?

Telegram for Desktop and the Telegram Messenger for Windows do not offer the pick to disable such calls, which means the IP addresses can exist intercepted by a tertiary political party. The security researcher revealed that if the P2P characteristic is not disabled or is absent-minded, the Telegram server IP, the caller'south IP as well as the receiver'due south IP are leaked. And so, how can the vulnerability be exploited? Well, a hacker only needs to call yous on Telegram'south desktop client to know your IP accost.

Telegram Fixes the Flaw

The security skilful reported the vulnerability to Telegram via a Proof of Concept (PoC) video and the company soon patched it by rolling out an update which introduced the option to disable the P2P settings. Equally a reward for finding the flaw, Mishra was awarded €2,000 as a problems bounty.

Source: https://beebom.com/telegram-desktop-client-leaked-ip-address-calls/

Posted by: escobarhirood1936.blogspot.com

Share this post