Telegram desktop app leaked internet addresses when starting calls

Telegram has a reputation for privacy and security (much to the chagrin of some governments), but it's not immune to gaffes. Security researcher Dhiraj Mishra discovered that Telegram's desktop app was leaking both public and private IP addresses during voice calls due to its peer-to-peer framework. Where mobile users could turn off peer-to-peer calls and keep their information secret, you had no choice but use the technology on the desktop. That could open you to attacks or disclose your location regardless of how careful you might otherwise be.

The company has fixed the issue in both the 1.3.17 beta and 1.4 versions of Telegram by giving you options to either disable peer-to-peer calling entirely or limit it to your contacts. Mishra received a €2,000 (about $2,300) bounty for the find. It's not Telegram's proudest moment, but the flaw does serve as a reminder that you can't assume an app is airtight simply because of its reputation, even if most of its policies are sound.

Via: Bleeping Computer

Source: Inputzero



via Engadget RSS Feed https://ift.tt/2xR4TDc
RSS Feed

If New feed item from http://www.engadget.com/rss-full.xml, then send me


Unsubscribe from these notifications or sign in to manage your Email Applets.

IFTTT

Comments

Popular posts from this blog

Evernote cuts staff as user growth stalls

The best air conditioner

We won't see a 'universal' vape oil cartridge anytime soon