Instant messaging app Telegram’s desktop app has been found that leaking the public and private IP addresses of users, during voice calls.
How IP addresses leaked by doing voice call
Telegram desktop App leaks data have comes just days after Facebook revealed its largest ever data breach. Because of an incorrectly configured software. Security researcher Dhiraj Mishra find that Telegram’s desktop app was leaking both public and private IP addresses during voice calls due to its peer-to-peer framework. For smartphone users have the option to turn off P2P calls by changing the settings, but there was no such option available for Telegram users on the desktop.
According to Bleeping Computer, “the default setting for Telegram desktop app sees voice calls made from P2P. And the IP address of the contact you are speaking to shown in the Telegram console logs”.
The voice calling feature in Telegram works on direct P2P between the users. From there exchanging data packets between the two users directly. Such a connection will expose the IP addresses of the users directly. Telegram app users on mobile can choose to prevent their IP addresses from being of using app by changing the settings to Nobody. But this option was absent on Telegram’s desktop client. This could result in all calls initiated from the desktop version leaking the users’ IP addresses.
Telegram announce “only the My Contacts option should set to P2P by default. In this case, and attributed the sharing of IP addresses to non-contacts in the app to a bug”.
The company’s security team has given EUR 2,000 (roughly Rs. 1,68,900) to the Dhiraj Mishra for finding the bug in the app. And the company also fixed the issue in both the 1.3.17 beta and 1.4 versions of Telegram.
As per a CNBC Aawaaz report, this is the main reason why the app might be complete ban in India soon.