Instant messaging app Telegram, that also allows the users to make voice calls just like Whatsapp was reported to contain a bug in its desktop app that was leaking users IP addresses. A researcher had found the desktop version of the Telegram app contained a bug that was causing the users IP address to be leaked while making video calls. Since the users did not have an option to disable this feature, it left them vulnerable to attacks from hackers and other cyber threats.
Now, Telegram has announced that it has fixed the bug that was causing this issue on the desktop app via a new update. The security team of the company has reportedly awarded the researcher EUR 2,000 (Rs 1,68,900 approximately) for discovering the bug that could have left thousands of users vulnerable to attacks had it gone unnoticed.
Security researcher Dhiraj Mishra had discovered this bug on the desktop version of Telegram app. According to him, the app was leaking both public and private IP addresses of the users while making voice calls over a P2P (peer to peer) network. While smartphone users have the option of disabling the P2P calls feature on the settings page by going to Settings> Privacy and Security> Calls> Peer to Peer, there was no option to disable this feature on the desktop version of Telegram.
The voice calling feature on Telegram app works by establishing a direct P2P connection between the users and by exchanging packets of data. This type of connection is quite vulnerable as it exposes the users IP addresses and any hacker can track these calls to get them. While smartphone users can disable this feature by changing the settings, there was no such option available on the desktop version leaving the users vulnerable to cyberbullying.
Now the company has fixed the issue via an update with version number 1.3.17 beta and 1.4. Desktop users of Telegram are advised to update the app to the latest version to remove this bug. Then can head to Settings> Privacy and Security> Calls> Peer to Peer and set the option to Nobody to disable the P2P calling feature.