You must Register or Sign in to your Cyware account to perform this action
×Once you are logged in, you will be able to:
Customize your feeds by selecting categories you like
Comment on or Like an article
Receive the latest security stories, trends, and insights in your inbox
Build your profile and login across multiple devices
Bookmark a story and read it later
- Home
- Hacker News
- Breaches and Incidents
- Telegram bug leaked desktop users’ IP addresses

Telegram bug leaked desktop users’ IP addresses
Telegram bug leaked desktop users’ IP addresses- October 3, 2018
- |
- Breaches and Incidents
/https://cystory-images.s3.amazonaws.com/shutterstock_178028531.jpg)
- The flaw leaves Telegram desktop users vulnerable to cyberattacks.
- The new versions will now be offering the ‘Nobody’ feature to fix the vulnerability.
The secure messaging app Telegram inadvertently leaked its desktop users’ personal information. The breach was caused by a bug in the desktop version of the Telegram app (3.3.0.0 WP8.1 for Windows). The flaw leaked users’ IP addresses during voice calls.
In other words, the flaw leaves users attempting to make a voice call through the Telegram web app vulnerable to cyberattacks. The bug was discovered by a security researcher named Dhiraj Mishra.
According to Mishra, Telegram uses Peer-to-Peer framework to establish a direct connection between two users during a voice call. But the web app flaw exposed the IP addresses of both participants.
The researcher also discovered that Telegram users do not have the provision of turning off the feature, thus increasing their odds of falling victim to a cyberattack.
“Telegram is supposedly a secure messaging application, but it forces clients to only use P2P connection while initiating a call, however, this setting can also be changed from "Settings > Privacy and security > Calls > peer-to-peer" to other available options. The desktop and telegram for windows break this trust by leaking public/private IP address of end user and there was no such option available yet for setting "P2P > nobody" in tdesktop and telegram for windows,”Mishra said in a blog post.
Fortunately, Telegram fixed the bug in one of its latest security updates. The issue has been patched in 1.3.17 beta and 1.4.0 versions of Telegram for Desktop. The new versions will now be offering the ‘Nobody’ feature to allow users to switch from the buggy P2P feature.
- + Aware
Get such articles in your inbox
News
-
Previous News Hackers hit Apollo, stealing database containing 200 million contact records
- October 3, 2018
- |
- Breaches and Incidents
-
Next News Hackers selling stolen Fortinet, Spotify accounts and botnets on Instagram
- October 3, 2018
- |
- Threat Actors
Popular News
Related News
Categories
Get such articles in your inbox
News
-
Previous News Hackers hit Apollo, stealing database containing 200 million contact records
- October 3, 2018
- |
- Breaches and Incidents
-
Next News Hackers selling stolen Fortinet, Spotify accounts and botnets on Instagram
- October 3, 2018
- |
- Threat Actors
Popular News
Related News
Categories
