A researcher who noted that using the “People Nearby” feature of popular messaging app Telegram exposed the exact location of the user has been told that it’s working as expected. Folk who activate this feature see a list of other users within a few miles to “quickly add people nearby… and discover local group chats.” Using a utility that fakes the location of an Android device, Ahmed Hassan was able to discover the distance of individuals from three different points, and then use trilateration to pinpoint exactly where they were. He was able to retrieve exact home addresses using this method, which is not technically difficult. Using trilateration to pinpoint an exact location from three separate distances. Pic courtesy: Ahmed’s Notes Hassan reported the issue in the hope of a bug bounty only to be told: “Users in the People Nearby section intentionally share their location, and this feature is disabled by default. It’s expected that determining the exact location is possible under certain conditions.” “If you enable the feature of making yourself visible on the map, you’re publishing your home address online. Lot of users don’t know this when they enable that feature,” Hassan said. He also believes that there is a widespread problem with malicious users faking their location, joining local groups, and spamming users with fake Bitcoin investments or other frauds – evidence, he claims, of poor application security. In its FAQ Telegram claims to be “more secure than mass market messengers like WhatsApp and Line” based on its security protocols, but does not address the risks from malicious users.
Von Telegram FZ LLC – Derivate from <a href=”//commons.wikimedia.org/wiki/File:Telegram_Logo.webp” title=”File:Telegram Logo.webp”>File:Telegram Logo.webp</a>, Gemeinfrei, Link