A flaw can reveal your exact GPS position on Telegram
Little surprised, Telegram indicated that this was not a significant issue
Telegram messaging, which offers end-to-end encrypted conversations, is the victim of a flaw. According to a cybersecurity researcher, there is a fairly easy way to know the exact position of a user, reports Ars Technica relayed by 01net.
This vulnerability is only possible if the user has activated the “People Nearby” function. This allows you to see which Telegram users are around you. But under certain conditions, it is possible to have the precise position of a user.
Telegram: hack exposed users' position https://t.co/sTHMJjD1zR pic.twitter.com/NRwpkXnVPs- J. Tech. (@Jerome_nTech) January 6, 2021
The technique of triangulation
On his blog, researcher Ahmed Hassan specifies that there are three methods to achieve this but details only one. It consists of using the Spoof GPS app on a rooted Android smartphone. This application allows you to falsify your GPS coordinates. By changing the location three times, the hacker can then determine the position of the targeted user through triangulation.
The telegram was notified in late December by the researcher. The company did not respond until a fortnight later without expressing any surprise or concern. “Users intentionally share their location, and this feature is turned off by default. It is expected that the determination of the exact location will be possible under certain conditions ”.
The researcher's discovery is therefore not covered by Telegram's bug bounty program, which rewards those who identify bugs and flaws in programs. Android users would be more exposed: the application gives a more precise location than iOS, says Ars Technica. It is therefore best to leave this feature disabled.