Latest in Gear

Image credit:

Telegram desktop app leaked internet addresses when starting calls

You didn't have a choice to turn it off.
Jon Fingas, @jonfingas
September 30, 2018
Share
Tweet
Share

Sponsored Links

Reuters/Dado Ruvic

Telegram has a reputation for privacy and security (much to the chagrin of some governments), but it's not immune to gaffes. Security researcher Dhiraj Mishra discovered that Telegram's desktop app was leaking both public and private IP addresses during voice calls due to its peer-to-peer framework. Where mobile users could turn off peer-to-peer calls and keep their information secret, you had no choice but use the technology on the desktop. That could open you to attacks or disclose your location regardless of how careful you might otherwise be.

The company has fixed the issue in both the 1.3.17 beta and 1.4 versions of Telegram by giving you options to either disable peer-to-peer calling entirely or limit it to your contacts. Mishra received a €2,000 (about $2,300) bounty for the find. It's not Telegram's proudest moment, but the flaw does serve as a reminder that you can't assume an app is airtight simply because of its reputation, even if most of its policies are sound.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
Scientists find neutrinos from star fusion for the first time

Scientists find neutrinos from star fusion for the first time

View
The best Black Friday tech deals that are already available

The best Black Friday tech deals that are already available

View
Apple's Intel-powered MacBook Air falls to $799 ahead of Black Friday

Apple's Intel-powered MacBook Air falls to $799 ahead of Black Friday

View
'Marvel's Avengers' hasn't turned a profit yet

'Marvel's Avengers' hasn't turned a profit yet

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr