Telegram’s new “People Nearby” feature shows a list of other users nearby and their approximate proximity to you you create group chats based on geographic location. The feature is disabled by default and must be manually enabled by the user, but it’s a peculiar addition to an app that markets itself as a private, end-to-end encrypted messaging service – and according to security researcher Ahmed Hassan, it’s a big security risk.
Users can spoof their geographic location in Telegram and access it for possible scams. “Many scammers forge their location trying to sell fake bitcoin investments, hacking tools, SSNs used for unemployment fraud, and so on. The amount of illegal activity I have seen there makes it seem like the Silkroad is being driven by amateurs, ”explained Hassan in a recent blog post.
Worse, Hassan concluded a flaw in the People in the Neighborhood function causing bad actors triangulate the exact location of other app users by using two accounts with fake addresses.
This opens users up to hacks, stalking, or worse – and Telegram, as announced, has no plans to solve the problem. Hassan reported the vulnerability to Telegram, but the company says it will not be patched. Telegram even told Hassan that discovering a user’s specific location is an “expected” result of the People Near feature in some cases. The answer feels strange for an encrypted messaging app selling itself privacy features. Even adding a more detailed warning that other users could find your exact location would be helpful, but it also looks like it won’t.
To be honest, Telegram is generally more secure than other chat apps, and since People Nearby is turned off by default, this may not seem serious matter. However, users may inadvertently enable the feature, think they are just broadcasting their general closeness to someone else, and not their exact location. If you value your privacy, don’t use the People near Telegram feature.
[TechRadar]
G / O Media can receive a commission