A vulnerability exposes your precise geolocation to hackers

Is the Telegram app really as safe as it claims to be? Cybersecurity researcher Ahmed Hassan recently found that the messaging service's “People Nearby” feature can expose your geolocation to hackers under certain conditions, especially if you are using an Android device. Here is a look back at that discovery.

The “People Nearby” feature has been questioned

“People Nearby” is a Telegram feature that, as the name suggests, can be used to find other users of the messaging service in your area. It is disabled by default and, on the face of it, is not really a problem, since it does not tell users anyone's exact location, only approximately how far away they are.

Independent researcher Ahmed Hassan then discovered that hackers could use this feature to pinpoint the location of users who have activated it. Worse still, there are three methods to achieve this. While the equipment needed for the first is hard to come by, the second and third are within everyone’s reach.

To provide evidence of his discovery, Ahmed Hassan used the second method. Thanks to a simple application available for free on the Play Store, the researcher was able to identify the exact address of another user he did not know.

Telegram remains silent

Ahmed Hassan has no doubt: this functionality is problematic, particularly because “most users don’t understand that they are sharing their location and possibly even their personal address,” he said in an email to Ars Technica.

To get this vulnerability addressed, the researcher contacted the Telegram teams directly, sending them a video showing how he had managed to get the exact address of a user through “People Nearby”. The messaging service is said to have replied that this wasn’t a real problem since the feature is disabled by default.

However, from a technical perspective, this vulnerability is easy to correct (or at least to make more difficult to exploit). It would be enough to round off the distances and add a certain number of random bits. Our colleagues at Ars Technica also state that “when the Tinder application had a similar vulnerability, developers used a technique of this type to correct it.”
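The rounding-plus-random-bits fix described above can be sketched server-side as follows. This is an added example, not Telegram's or Tinder's code; the grid size, distance bucket, server key and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the server
CELL_DEG = 0.01                       # assumption: grid step (~1.1 km of latitude)
BUCKET_M = 500                        # assumption: distances shown in 500 m steps
EARTH_RADIUS_M = 6_371_000


def coarsen(user_id: str, lat: float, lon: float) -> tuple[float, float]:
    """Snap a position to its grid cell, then shift it by a keyed random offset.

    The offset depends only on (user, cell), so asking again never yields a
    fresh noise sample that could be averaged away.
    """
    cell_lat = math.floor(lat / CELL_DEG)
    cell_lon = math.floor(lon / CELL_DEG)
    msg = f"{user_id}|{cell_lat}|{cell_lon}".encode()
    digest = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    # Two 32-bit values from the MAC become fractions in [0, 1) inside the cell.
    frac_lat = int.from_bytes(digest[:4], "big") / 2**32
    frac_lon = int.from_bytes(digest[4:8], "big") / 2**32
    return (cell_lat + frac_lat) * CELL_DEG, (cell_lon + frac_lon) * CELL_DEG


def haversine_m(lat1, lon1, lat2, lon2) -> float:
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def reported_distance_m(viewer: tuple[float, float], target_id: str,
                        target: tuple[float, float]) -> int:
    """Distance shown to a viewer: computed from the coarsened target, rounded up."""
    c_lat, c_lon = coarsen(target_id, *target)
    exact = haversine_m(viewer[0], viewer[1], c_lat, c_lon)
    return math.ceil(exact / BUCKET_M) * BUCKET_M


if __name__ == "__main__":
    # Constructed sample data: two true positions of one user inside the same cell.
    home, corner = (48.85661, 2.35222), (48.85990, 2.35910)
    for viewer in [(48.8700, 2.3400), (48.8400, 2.3700), (48.8600, 2.3900)]:
        print(viewer, reported_distance_m(viewer, "user-42", home),
              reported_distance_m(viewer, "user-42", corner))
```

Whatever position the viewer claims, the answer depends only on the target's grid cell, so the reported distances carry no information about where inside that cell the user actually is.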

While waiting for Telegram to decide to act, our only recommendation is to double-check that the “People Nearby” feature is indeed disabled on your devices. Currently, this is still the best way to ensure that your exact address cannot be found by malicious people.

