Telegram is a communication application that allows users to conduct encrypted chats and calls with other users on the Internet. The program claims to be a secure private communication application, but one study found that in its default configuration, it leaks IP addresses during a user’s call.
With default settings, Telegram’s voice calls are made via P2P2. When using P2P, the IP address of the user’s call object will appear on the Telegram control log. However, not all versions have control logs. For example, the Windows version does not, but the Linux version does.
The Telegram application does show that users can prevent IP addresses from being compromised by changing settings. Go to Settings: Private – Security – Voice Call – Change Peer-to-Peer to Never or Nobody. With this setup, the user will need to make a voice call through the Telegram server, although the IP address is hidden but at the expense of audio quality degradation.
The problem is that although iOS and Android users can turn off P2P phone functionality, security researcher Dhiraj found that the conventional desktop and Windows versions cannot disable this feature. This means that the IP addresses of these users will be compromised when they use voice calls. Here’s an example of the Ubuntu desktop Telegram:
As an application known for its security and privacy, why does Telegram have such a vulnerability? When the media BleepingComputer asked Dhiraj if Telegram had a reason for doing this, he told us “Nope, no comments on this was provided.“
Source – Bleepingcomputer