Critical Vulnerability in Telegram Leaks User IP Addresses

Written by Nitish Singh
Last updated September 17, 2021

Telegram has been amidst a lot of controversies this year, and the popular messaging app finds itself in troubled waters yet again. The desktop client of the app was found leaking both public and private IP addresses of users when voice calls were initiated. Since the voice call feature makes use of P2P functionality, the phone numbers were not encrypted which left users vulnerable to data thefts.

Telegram IP Address Leak

Image Courtesy of Bleeping Computer

Telegram has already addressed the issue and the researcher who found the issue has been awarded EUR 2,000. The messaging app released an official statement "We’ve found and fixed the issue which our tester had. It turns out that during the sign in process, the API returned no value for the option. Then immediately after the user was signed in, the API returned the correct default value. But it could take up to several hours for the client to refresh this configuration. So before we fixed this, the apps could display “everyone” in the settings for an hour or two after a fresh login."

Telegram P2P Settings

Image Courtesy of Bleeping Computer

The security bug was reported by security researcher Dhiraj Mishra who revealed that the desktop app was leaking IP addresses during calls. Smartphone options have the option of turning off P2P calls, but the feature is not available to desktop users. All voice calls on the desktop version of Telegram create a connection between both users and exchanges data packets.

The issue has been fixed in the latest 1.3.17 beta and 1.4 versions of the app. Users have been requested to update the app and head to Settings > Privacy and security > Calls > Peer-To-Peer. Choosing the ‘Nobody’ option in the menu will stop P2P technology being used for calls, which will safeguard users.

What do you think about the security flaw found in Telegram? Let us know in the comments below. If you could share the article online, it would also be great so others can find it too. Come chat with us on Facebook and Twitter

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: