New Delhi, Oct 20 (IANS) A cyber-security researcher has showcased it is super easy to access IP address of any account on encrypted messaging app Telegram with a simple tool.
Denis Simonov, also known as n0a, recently highlighted the issue and wrote a simple tool to exploit it.
TechCrunch verified his findings by adding him to the contacts of a newly created Telegram account.
Simonov then called the account, and shortly after revealed the IP address of the computer where the experiment was being carried out.
Telegram has allegedly been leaking IP address to people in your contacts during a voice call for years.
This time, “an unprepared person can easily reveal his IP address to his interlocutor if he does not know about them,” Simonov was quoted as saying in the report.
Telegram, which has more than 700 million users, utilises a peer-to-peer connection between callers “for better quality and reduced latency,” a Telegram spokesperson said in a statement.
“The downside of this is that it necessitates that both sides know the IP address of the other (since it is a direct connection). Unlike on other messengers, calls from those who are not your contact list will be routed through Telegram’s servers to obscure that,” the spokesperson added.
Simonov wrote in a post that recently, he was faced with the task of determining the IP address of his interlocutor in the Telegram messenger.
“For this purpose, I used the network traffic analysis tool Wireshark, where I detected STUN protocol traffic,” he mentioned.
STUN (Session Traversal Utilities for NAT) is a standardised protocol designed to help devices behind NAT (Network Address Translation) determine their external IP address and the type of NAT that is used on their gateway.
“After spending a little time, I decided to automate the process of obtaining the IP of my counterpart in Telegram using the console version of Wireshark - tshark,” the researcher added.
To avoid leaking your IP address, you have to go to Telegram’s settings, privacy and security, calls, and then select “Never” in the Peer-to-Peer menu.