EXECUTIVE SUMMARY:

Hackers may be able to see your home address through this app

The Telegram messenger app is one of the most popular messenger apps worldwide. The app sees 400 million monthly users. Messages are end-to-end encrypted. They are not saved on company servers and users can delete their message threads after a chosen duration of time.

Despite the app’s sophistication, when you enable a certain feature on the Telegram messenger app, a documented exploit could enable a hacker to access your geographic location. For many under stay-at-home orders, hackers could find your home address.

Is this an issue for both Android and iOS Telegram messenger apps?

Yes. With iPhones, the issue may pertain to some apps/phones, but not all.

How is Telegram resolving this issue?

According to Ars Technica, “developers said they have no plans to fix it”. A response from the app maker stated, “it’s expected that determining the exact location [of a person] is possible under certain conditions”.

What are the details around this problem? 

The problem derives from a Telegram feature known as “People Nearby”. When users download the app, the feature is off by default. However, when users switch this feature on, their geographic locale is visible to others who are also using the feature.

If the feature is used as intended, privacy is not much of a concern. A user’s location is only reported in approximates. Knowing that someone is within a 1 kilometer or 600 meter radius “still leaves stalkers guessing where, precisely, you are”. It’s not easy for a hacker or a stalker to pin-point your home address this way.

However, an independent researcher’s analysis shows that the feature can be coopted to reflect a person’s exact location.

How can the Telegram app divulge someone’s exact location?

A researcher has demonstrated that by using readily available software and a rooted Android device, a hacker can spoof the location that his/her device shares with Telegram servers. If the hacker uses three separate locations and measures the corresponding distance as reported in the People Nearby feature, a hacker can triangulate a person’s exact coordinates.

Telegram app local groups are at risk of cyber scams

The app offers a feature that enables local app users to create community groups within their geographic locales. In the past, hackers have been able to identify these community groups, and have attempted to entice them with fake bitcoin investments. Hackers have perpetuated other sorts of scams within these small circles.

Preventing hackers from exploiting your home address

To safeguard your privacy, ensure that the Telegram feature in question is switched off. Individuals who wish to keep their precise locations away from prying eyes should proceed cautiously with location-based app services.

For more on this story, visit Ars Technica.