Telegram’s new “People nearby” feature shows a list of other users nearby and their approximate proximity to you, allowing you create group chats based on geographic location. The feature is disabled by default and must be manually enabled by the user, but it is an idiosyncratic addition to an application that markets itself as an end-to-end encrypted messaging service – and according to security researcher Ahmed Hassan, it is a major security risk.
Users can falsify their geographic location on Telegram by opening them possible blows. “Many scammers falsify their location and try to sell investments in fake bitcoins, hacking tools, SSNs used for unemployment fraud and so on. The amount of illegal activities I saw there made Silkroad look like it was run by amateurs, ”explained Hassan inside a recent blog post.
Worse, Hassan identified a flaw in the People Nearby feature that could allow malicious actors triangulate the exact location of other application users using two accounts with fake addresses.
This opens users to hacks, stalking or worse – and Telegram as announced without plans to fix the problem. Hassan reported the vulnerability to Telegram, but the company says it will not be fixed. In fact, Telegram told Hassan that finding a user’s specific location is an “expected” result of the People Nearby feature in certain cases. The answer seems inappropriate for an encrypted messaging app that sells on your privacy features. Even adding a more detailed warning that other users could find your precise location would be helpful, but it looks like that won’t happen either.
To be fair, Telegram is generally more secure than other chat appsand because Nearby people is disabled by default, it is may not seem serious question. However, users may inadvertently activate the feature, thinking that they are simply conveying their general closeness to another person, and not your exact location. What if you value your privacy, not use the People Near Telegram feature.
[TechRadar]
G / O Media can receive a commission