Telegram desktop app leaked user data during calls

Berlin: Telegram’s desktop app had a major flaw that put both public and private IP addresses of users vulnerable during voice calls.

Security researcher Dhiraj Mishra uncovered the flaw in Telegram’s peer-to-peer framework. As explained in his blog on inputzero, Telegram forces clients to only use P2P connection for calls.

While mobile users can tweak the settings to keep the information private, the desktop version does not allow for such a setting, resulting in IP addresses getting exposed.

The flaw could have resulted in hackers wrongly gaining access to location data and other information related to IP address. Telegram has since then fixed the flaw by adding the option of “P2P to Nobody/My contacts” in version 1.3.17 beta and 1.4 versions.