Telegram has made a name for itself for being a secure communication channel. It was known for encryption and respect for privacy long before those names were familiar to most people; long before WhatsApp with its encryption was a thing.
That what makes the revelation made by security researcher Dhiraj Mishra quite heart breaking. We know that there are many unsecure apps out there, but Telegram is among the holy grail of data encryption, security, and privacy. It’s like all of a sudden we learn that Tor is not that secure.
Apparently Mishra discovered a bug with the Telegram for Windows app (version 18.104.22.168 WP8.1) and the Telegram for Desktop (1.3.14). These two version of the Telegram for Desktop app, have been found to be leaking user’s IP address when their making calls.
“Telegram is supposedly a secure messaging application, but it forces clients to only use P2P connection while initiating a call,” wrote Mishra in a blog post. “However this setting can also be changed from Settings > Privacy and Security > Calls > Peer-to-peer to other available options.”
Mishra found that the Telegram for Desktop and Windows version have broken the long-running trust users have bestowed on the app over the years.
This revelation is particularly disturbing given the fact people bestow a lot of trust on Telegram. It always comes highly ranked; perhaps not the top most, but certainly among the top. After this revelation, it is reported Dhiraj was awarded 2,000 for his discovery, and Telegram has since released an update fixing this issue.