Thursday, January 7, 2021

Telegram's location function opens users up to hackers

Telegram's 'People Nearby' feature makes it possible to find the exact location of those with the feature enabled. 

Bug bounty hunter and researcher Ahmed Hassan picked up on the quirk and reported it to the messaging app's security. 

Hassan had noticed a similar issue with Line app a few years ago and picked it up again with Telegram. However, upon reporting it, Telegram said it was not an issue and there was no bug bounty for it. 

The concern Hassan has is that the feature basically makes it possible for anyone to find your exact location which is incredibly dangerous. This is especially true on Telegram which, while a normal messaging app in itself, is preferred by extremist groups and hackers. 

How 'People Nearby' works

In a blog post,  Hassan outlined how the feature's distance model can be used to triangulate a user's exact location.

If a user's Telegram has 'People Nearby' activated you can go in and see how far people are from your location. On the list of nearby people, it will tell you how far they are from your location. 

This makes it possible for someone to "spoof" the others exact location by three points and using those to draw three triangulation circles according to Hassan. 

Upon attempting to spoof an address of a user, Hassan found he could find their exact home address, just through this process. 



from TechRadar - All the latest technology news https://ift.tt/3bg166V

No comments:

Post a Comment