Software, no matter how secure, is always at risk of being misused, hacked or used as a tool to hack others. Most of the time, hackers exploit features that are readily available in the software, which is what happened in a recent incident with popular messaging app Telegram.
Now, the Stuff office has been quite vocal about Telegram’s security features and end-to-end encryption. None of that really matters much, after developers pushed out a new feature called People Nearby, which shows your approximate location to Telegram users nearby.
Luckily, people actually have to enable the feature, as it’s automatically turned off after updating. So it’s not like everyone’s susceptible to being ‘hacked’. Also, this isn’t really a ‘hack’ per se. According to ArsTechnica, an independent researcher called Ahmed Hassan found that the feature can quite easily be abused and used to pinpoint a user’s exact location.
Telegram’s vulnerability
By using available software, Hassan was able to ping three fake locations from a rooted Android phone around the target’s approximate location. In doing this, he was able to narrow down the exact location by effectively ‘cornering’ the target’s location pin. So by “…measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location,” as ArsTechnica reports.
But it looks like the app’s location-sharing issues don’t stop there. Telegram also gives users the ability to create local groups using geographic locations — something like a community group in a specific suburb for example. These groups are also particularly vulnerable to hackers. Anyone with enough knowledge of the feature will be able to “… crash these groups and then peddle fake bitcoin investments, hacking tools, stolen social security numbers, and other scams.”
When shown that its app feature has this vulnerability, Telegram developers didn’t express much interest in fixing the issue.
The problem is, many users won’t even realise they’re divulging their exact location or home address to potential hackers and scam artists. The best way to ensure your location stays private, is by switching off location sharing for apps that aren’t in use.