Telegram’s new “People Near” feature displays a list of other nearby users and their approximate proximity to you, allowing you to create group chats based on their geographic location. The feature is off by default and must be manually activated by the user, but it’s an idiosyncratic addition to an app that markets itself as an end-to-end encrypted messaging service – and according to security researcher Ahmed. Hassan, this is a security risk.
Users can fake their geographic location on Telegram, exposing them to possible scams. “Many scammers tamper with their location and try to sell investments in fake bitcoin, hacking tools, SSNs used for unemployment fraud, etc. The amount of illegal activity I saw there made Silkroad look like it was run by amateurs, ”Hassan explained in a recent blog post.
Worse yet, Hassan identified a flaw in the People Nearby feature that could allow criminals to triangulate the exact location of other app users using two accounts with fake addresses.
This opens up users to hacking, stalking or worse – and Telegram, as advertised, has no plans to fix the issue. Hassan reported the vulnerability to Telegram, but the company says it will not be patched. In fact, Telegram told Hassan that finding a user’s specific location is an “expected” result of the People Nearby feature in some cases. The answer seems odd for an encrypted messaging app that sells itself on its privacy features. Even adding a more detailed warning that other users might find your exact location would be helpful, but it looks like that won’t happen either.
To be fair, Telegram is generally more secure than other chat apps, and since people nearby are disabled by default, that might not seem like a big deal. However, users may inadvertently activate the feature, believing that they are simply conveying their general proximity to someone else, not their exact location. If you value your privacy, do not use the People Near Telegram feature.
Telegram “People nearby” feature can allow hackers to detect the precise location of users
Features that are sometimes released to add functionality can become loopholes. One feature that Telegram recently launched is another similar feature, called People Near. One researcher described it as a flaw, as it is able to detect the precise location of a nearby user and warn of potential threats.
People Nearby to Telegram – bug or feature?
Telegram launched a new feature called People Nearby, which would allow users to explore nearby Telegram users who were in that section at the time. This can be interesting because it allows other interested people to get involved and also allows users to create local groups.
As a result, they need to turn on-location services to allow Telegram to identify your approximate location and list them in the People Nearby section. But it was seen in another way by an independent researcher named Ahmed Hussian, who claims it is a security threat.
He said people nearby can be exploited using simple free tools by a threat actor to tamper with their location and be exploited by others. That way, it could connect with targets or join groups and spam them with fake Bitcoin investments, hacking tools, stolen social security numbers, and other scams.
He demonstrated this using a rooted Android phone and a free GPS spoofing app and also made a video. He shared his findings with Telegram in the hopes of winning an award, but the company responded by saying that it was never a bug, but a planned feature, and concluded that it was not. not covered in its bug reward program.
Telegram also said that this feature is turned off by default and will only be used by people who have chosen it intentionally. So, it all depends on how the resource will be used, good or bad. And Telegram users are recommended to keep this feature disabled unless required.