Dhiraj Mishra, a security researcher from Mumbai, India found that under specific conditions, the Telegram desktop clients for Windows, Mac, and Linux would uncover users' IP address, notwithstanding when the user was configured to protect this data.
Despite the fact that the program describes itself similar to a protected and private correspondence application, yet the researcher has demonstrated that in its default design it would permit a user's IP address to be leaked when making call.
The leak, happening just amid voice calls, happened notwithstanding when the "Peer-to-Peer" connection choice was set to "Nobody." A Peer-to-Peer connection isn't private by outline, as it directly exposes the two participants.
|P2P Settings in Telegram for iOS|
When utilizing Peer-to-Peer to begin Telegram calls, however, the IP address of the person you are conversing with will show up in the Telegram console logs. Not all forms incorporate a console log. For instance, Windows does not show a console log in their tests, while the Linux variant does.
The Telegram application indicates that users can keep their IP address from being disclosed by changing the setting as doing it will make the user's calls to be steered through Telegram's servers, which would then shroud the IP address, however at the expense of having a slight abatement in sound quality.
Dhiraj, the researcher even shared a Proof of Concept video to BleepingComputer that showed how the IP addresses were leaked. Where he explained about the 3 IP's that leak:
1. Telegram server IP (That's Ok)
2. Your own IP (Even that's okay too)
3. End user IP (That's not okay)
|IP address leak in Telegram console log|
The issue since its revelation has been a matter of deep concern that was patched by telegram with the release of Telegram for Desktop v1.4.0 and v1.3.17 beta.
Nevertheless telegram clients who particularly utilize the application for its obscurity highlights are advised to update their desktop clients at the earliest opportunity to patch the bug that has the ability to very easily leak their IP address.