Telegram enables malicious actors to obtain your home address
"People nearby" is an option to communicate with people in the user's geographic area. This option reveals personal details to the attacker
Ami Rojkes Dombe
| 10/01/2021
https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html
Ahmed Hassan, a computer engineer and researcher, discovered a problematic flaw in the "people nearby" feature of the Telegram messaging platform. According to the researcher, use of the feature could help hackers find your home addresses. "People nearby" is an option to communicate with people in the user's geographic area. By choosing this option, the user is provided with a list of people nearby, and with the touch of a button, it is even possible to send them a message.
So what's the problem? Hackers and other malicious actors can use this opening to find the exact address of the user. How? By spoofing their own location, the hackers can figure out the exact location of the user. Malicious actors can place themselves at three points on the map using spoofing techniques, so that eventually the user's address will be clearly revealed.
The researcher warned Telegram, which replied that as far as they are concerned it is not a problem.
So what can be done?
Even though messages are sent in a secure manner, it can be seen that the platform chooses to ignore a very important aspect of privacy, namely concealing the exact location of the user. Data security company ESET says that users control the option of using the "people nearby" feature, and it is important that they be aware that it is problematic. At least until Telegram chooses to deal with the issue.
The researcher's blog post with all of the details can be found here.
"People nearby" is an option to communicate with people in the user's geographic area. This option reveals personal details to the attacker
https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html
Ahmed Hassan, a computer engineer and researcher, discovered a problematic flaw in the "people nearby" feature of the Telegram messaging platform. According to the researcher, use of the feature could help hackers find your home addresses. "People nearby" is an option to communicate with people in the user's geographic area. By choosing this option, the user is provided with a list of people nearby, and with the touch of a button, it is even possible to send them a message.
So what's the problem? Hackers and other malicious actors can use this opening to find the exact address of the user. How? By spoofing their own location, the hackers can figure out the exact location of the user. Malicious actors can place themselves at three points on the map using spoofing techniques, so that eventually the user's address will be clearly revealed.
The researcher warned Telegram, which replied that as far as they are concerned it is not a problem.
So what can be done?
Even though messages are sent in a secure manner, it can be seen that the platform chooses to ignore a very important aspect of privacy, namely concealing the exact location of the user. Data security company ESET says that users control the option of using the "people nearby" feature, and it is important that they be aware that it is problematic. At least until Telegram chooses to deal with the issue.
The researcher's blog post with all of the details can be found here.
