Researchers Warn of Telegram App Exposing Users’ IP Addresses to Contacts
A cyber security researcher has shown that it is very easy to access the IP address of any account on the encrypted messaging app Telegram using a simple tool. Denis Simonov, also known as n0a, recently highlighted the problem and wrote a simple tool to exploit it.
TechCrunch confirmed his finding by adding him to the contacts of a newly created Telegram account. Simonov then called the account and soon revealed the IP address of the computer where the experiment was being conducted.
Telegram has allegedly been leaking the IP address of people in your contacts during voice calls for years. This time, “an unprepared person can easily reveal his IP address to his interlocutor if he does not know about them,” Simonov said in the report.
Telegram, which has more than 700 million users, uses a peer-to-peer connection between callers “to improve quality and reduce latency,” a Telegram spokesperson said in a statement.
“The downside here is that it requires both parties to know the IP address of the other (since it’s a direct connection). Unlike other messengers, calls from people who aren’t in your contact list are routed through Telegram’s servers to obfuscate it,” the spokesperson added.
Simonov wrote in the message that recently he faced the task of determining the IP address of his interlocutor in the Telegram messenger. “For this purpose, I used the network traffic analysis tool Wireshark, where I detected STUN protocol traffic,” he mentioned.
STUN (Session Traversal Utilities for NAT) is a standardized protocol designed to help devices behind Network Address Translation (NAT) determine their external IP address and the type of NAT in use on the gateway.
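How a STUN response carries a client's external address, as an added example that is not from the article or from Simonov's tool: the sketch parses a Binding Success Response as defined in RFC 5389 and decodes its XOR-MAPPED-ADDRESS attribute. The function names, the sample message and its address (203.0.113.7, from a documentation range) are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442      # fixed constant defined by RFC 5389
BINDING_SUCCESS = 0x0101       # message type: Binding Success Response
XOR_MAPPED_ADDRESS = 0x0020    # attribute holding the reflexive address

def build_binding_response(ip, port, txid):
    """Construct a sample Binding Success Response (test data only)."""
    addr = ipaddress.ip_address(ip)
    key = struct.pack("!I", MAGIC_COOKIE) + txid
    xaddr = bytes(a ^ k for a, k in zip(addr.packed, key))
    family = 0x01 if addr.version == 4 else 0x02
    value = struct.pack("!BBH", 0, family, port ^ (MAGIC_COOKIE >> 16)) + xaddr
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr

def parse_xor_mapped_address(msg):
    """Return (ip, port) from a Binding Success Response, else None."""
    if len(msg) < 20:
        raise ValueError("shorter than the 20-byte STUN header")
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or mtype & 0xC000 or length != len(msg) - 20:
        raise ValueError("not a well-formed RFC 5389 STUN message")
    if mtype != BINDING_SUCCESS:
        return None
    key = msg[4:20]            # magic cookie followed by the transaction ID
    pos = 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype == XOR_MAPPED_ADDRESS:
            family = value[1] if alen >= 4 else 0
            size = {0x01: 4, 0x02: 16}.get(family)   # IPv4 / IPv6
            if size is None or alen != 4 + size:
                raise ValueError("malformed XOR-MAPPED-ADDRESS")
            xport = struct.unpack("!H", value[2:4])[0]
            # IPv4 is XORed with the cookie, IPv6 with cookie + transaction ID
            addr = bytes(a ^ k for a, k in zip(value[4:], key))
            return str(ipaddress.ip_address(addr)), xport ^ (MAGIC_COOKIE >> 16)
        pos += 4 + alen + (-alen % 4)   # attribute values are padded to 4 bytes
    return None

# Constructed sample message: documentation address, arbitrary port.
SAMPLE = build_binding_response("203.0.113.7", 50000, bytes(range(12)))
```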
“After spending some time, I decided to automate the process of getting an IP address in Telegram using the console version of Wireshark – tshark,” the researcher added.
To avoid leaking your IP address, you need to go to Telegram Settings, Privacy & Security, Calls and select “Never” from the Peer-to-Peer menu.