Telegram messenger app is a messaging service that does a good job at protecting your privacy. Like for instance, during the riots in China, people had used Telegram to communicate. The service then refused to hand over user data to the Chinese government. However, when you enable a feature that allows geographically close users to connect, it is easy for hackers to be able to get your precise location.
This feature is called ‘People Nearby’. By default, it is turned off, however, you may want to check if you have it on. When users do enable this feature, their geographic distance is shown to other people that have the feature turned on. The feature, however, doesn’t reveal where exactly you are.
The researcher, Ahmed Hassan, had shown how you can abuse the feature in order to find someone’s exact location. Using software as well as a rooted Android device, he was able to spoof the location his device reports to Telegram’s servers. By using three different locations and measuring the corresponding distance reported by People Nearby, he was able to find a user’s exact location.
Hassan had also said that scammers could spoof their location to crash groups, peddle fake bitcoin investments, stolen social security numbers and more. If someone were to use the sharing feature to chat with a local group (you can create local groups with the ‘People Nearby’ feature), they could have unwanted stalkers. The researcher had also said that “Most users don’t understand they are sharing their location, and perhaps their home address.” A very dangerous thing to share.
Telegram’s Response
People Nearby poses a bigger threat to those with Android devices. This is due to the fact that these devices report users’ location accurate enough to make Hassan’s method actually work. However, with iOS 14, locations are only reported as a rough estimate. So people using iOS 14 aren’t as exposed. The researcher that had found this issue had reported it to Telegram. The service, in turn, had said that they have no plans to fix it.
The issue is reported to be fairly easy to fix or to make harder to exploit. If locations were rounded the nearest mile and adding on random measurements on, could easily help. Tinder had this same kind of issue, and the developers had used this method to fix the issue too.
If this is of concern to you, then our advice is to switch this feature OFF!
