Despite its reputation as a secure and private messaging app, Telegram has been grappling with a persistent issue – the leakage of user IP addresses. This security flaw can expose your IP address to any hacker who can get added to your contacts and initiate a phone call with you.
Denis Simonov, a security researcher known as n0a, brought the issue to light and even developed a tool to exploit this weakness. I independently verified Simonov’s findings by adding him to the contacts of a fresh Telegram account. After initiating a call with the statement, Simonov promptly provided me with the computer’s IP address where the test was conducted.
With over 700 million users worldwide, Telegram has always touted itself as a secure and private messaging platform. However, experts have repeatedly emphasized that Telegram is slower than apps with end-to-end encryption like Signal.
The Underlying Issue
The fact that Telegram can leak your IP address during a voice call is not a new revelation. This vulnerability has been recognized for years, but the new, less tech-savvy users might need to become more familiar with it.
Simonov, an employee at the cybersecurity firm T.Hunter, explained, “Telegram focuses on security and privacy; however, to stay safe, you need to be aware of the nuances of how the messenger’s voice calls work.” He clarified that an unprepared person could quickly reveal his IP address to his interlocutor if unaware of these nuances.
Why Does This Happen?
The reason behind Telegram’s IP address leakage during a call lies in how the platform is designed. By default, Telegram uses a peer-to-peer connection between callers to enhance quality and reduce latency, as explained by Telegram spokesperson Remi Vaughn. However, this approach necessitates that both callers know each other’s IP addresses, as it requires a direct connection. Vaughn added that non-contact calls are routed through Telegram’s servers to obscure this information.
To prevent your IP address from leaking, navigate to Telegram’s Settings > Privacy and Security > Calls and select “Never” in the Peer-to-Peer menu.
Telegram is Not Alone
Telegram is not the only messaging app found to leak IP addresses. In 2017, a researcher discovered that WhatsApp was leaking metadata in a way that could enable hackers to find a user’s IP address. In August, 404 Media reported that hackers could uncover the IP address of a Skype user without any interaction. Microsoft pledged to fix the vulnerability at the time.
However, Telegram appears to view this issue differently, suggesting this is how the app should function. This stance has, understandably, drawn criticism from various quarters, with users and experts questioning the platform’s commitment to user privacy and security.
In the realm of digital communications, privacy is paramount. The popular messaging app Telegram has been found to leak user IP addresses to contacts, posing a significant challenge to its image as a secure platform.