Monday, November 4, 2024
HomeComputer SecurityTelegram Leaks Public & Private IP Address While Making Calls

Telegram Leaks Public & Private IP Address While Making Calls

Published on

Malware protection

Telegram Desktop version leaking users private and public IP address by default while initiating phone calls from tdesktop and telegram for windows.

Telegram offering encrypted chats and phone calls over the internet but its desktop and windows version leaking IP address.

Telegram Desktop application allows users only making phone calls by setting the P2P connection which is available to change from “Settings > Privacy and security > Calls > peer-to-peer”

- Advertisement - SIEM as a Service

But tdesktop and telegram for windows don’t have any option like this to set up the Peer-to-peer connection.

Dhiraj Mishra, Researcher who discovered this serious flaw in Telegram stated that “Even telegram for Android will also leak your IP address if you have not set “Settings > Privacy and security > Calls > peer-to-peer >nobody” (But Peer-to-Peer settings for call option already exists in a telegram for android”

Telegram Desktop – IP Leaking Scenario 

Below example that can demonstrate from Ubuntu Desktop Telegram console while users making phone calls from Telegram desktop.

1. Open tdesktop,
2. Initiate a call to anyone,
3. You will notice the end user IP address is leaking.

In this case, Telegram desktop clients forMac, Windows, and Linux also would reveal users’ IP addresses.

So making phone calls from the desktop version and windows would leaks both users IP addresses but the mobile version will not do the same since it was set as Peer-to-peer communication by default.

He Also Explains the other following scenario that indicates the part of leaking IP address of the following.

  •  Open tdesktop in Ubuntu and login with user A
  •  Open telegram in windows phone login with user B
  •  Let user B initiate the call to user A
  •  While user A access log will have the public/private IP address of user B.  

After reporting this flaw to Telegram, Dhiraj was awarded a €2,000 bounty for his finding and issued the patch in the 1.3.17 beta and 1.4.0 versions of Telegram for Desktop where you can set your “P2P to Nobody/My Contacts.

Later CVE-2018-17780 was assigned to this vulnerability and the user requested to update their desktop clients as soon as possible in order to patch this flaw to maintain the anonymity.

Related Read

Advanced Android Malware Steal Users Facebook, Twitter, Telegram, Skype Messenger Data

Hackers Now Switching to Telegram as a Secret Communication Medium for Underground Cybercrimes

New Android RAT Spotted in Wild Abusing Telegram Protocol for Command and Control

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

Digital wallets enable users to securely store their financial information on smart devices and...

Best SIEM Tools List For SOC Team – 2024

The Best SIEM tools for you will depend on your specific requirements, budget, and...

Oracle Releases Biggest Security Update in 2024 – 372 Vulnerabilities Are Fixed – Update Now!

Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities...