Telegram's desktop app had a major flaw that put both public and private IP addresses of users vulnerable during voice calls.
Security researcher Dhiraj Mishra uncovered the flaw in Telegram's peer-to-peer framework. As explained in his blog on inputzero, Telegram forces clients to only use P2P connection for calls.
While mobile users can tweak the settings to keep the information private, the desktop version does not allow for such a setting, resulting in IP addresses getting exposed.
The flaw could have resulted in hackers wrongly gaining access to location data and other information related to IP address. Telegram has since then fixed the flaw by adding the option of "P2P to Nobody/My contacts" in version 1.3.17 beta and 1.4 versions.
Disclaimer: No Business Standard Journalist was involved in creation of this content
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app