IS TELEGRAM THE ANOTHER PRIVACY BOMB WAITING TO EXPLODE?
After the new and updated privacy policies by Whatsapp, there is a buzz about privacy issues and concerns in the new policies that can harm a user’s personal life, everywhere around the globe. As a result of this, everyone is trying to find out the Whatsapp alternative which can respect the privacy of its users.
In the past two years, Telegram is considered to be one of those alternatives which most critics think can respect its user’s privacy and replace Whatsapp. But due to overgrowing piracy content on this platform from the past couple of years, it has kept several professionals away from this platform.
There is no doubt on this fact that Telegram respects its user privacy more than Whatsapp. We can believe in this fact that our chats are temporary and safer than Whatsapp, our media which we send is more secure on its server. But in this competitive environment, giants need to keep releasing something new which their audience love. Nowadays, the most trending topic for entertainment purposes is that of Dating sites. These kinds of sites allow a user to make or explore persons who are located nearby their locations and hence make a particular person find their own match!
Telegram has too introduced a similar feature of People Nearby by enabling which any user can find the nearby persons and start a chat with them. But this feature can pose your privacy too at risk and an attacker can easily be able to see where do you live and what are you doing. Security researcher Ahmed has found that bug which can help attackers to track the user’s activity. Let’s see how one can do it
TRACKING USER’S EXACT LOCATION USING TELEGRAM
When a user turns on this service on its device, a user needs to agree to the terms and conditions which states that your location is shared by the people near you. Here you will think that we get that exact location of a user but it is not like that! When you agree with terms and conditions and allow access to this feature, you will only get the distance at which the users are located from your origin position like this in the following screenshot.
Now the big question here comes is “How can we find the exact location of the target user using this location ?” Well, security researcher, Ahmed did so by simply applying a technique of approximation to find the location of the target user.
Requirements to execute the same:
- A rooted device with Android version less than 11.
- GPS spoof application which can be installed by clicking here.
The very first thing need you need in this procedure is to make sure you have the tentative location where the target user is located and the feature People Nearby is enabled on his device. If both conditions are checked, only then proceed further.
After confirming the tentative location of the user, spoof your GPS location using the above spoof GPS app in 7 miles of radius around the target user or victim 3 times and collect the coordinates of the spoofed location as done by the security researcher below.
Now you have 3 different but very close coordinates of locations around the victim. Now use the Google Earth application and search for the given coordinates location and draw circles around the location in the similar manner as done by the researcher:
Now as we all have read in Mathematical Geometry, the intersection point of all three circles is the most common point and proves out to be the home location of the user.
CONCLUSION
After reporting this bug to the Telegram Security team by the researcher, they said that this is not a bug as the user has consented to allow Telegram to share its location with other users. Therefore, as of now any attacker using the above technique can find out the exact location of the user.
Furthermore, we at Ethical Debuggers suggest our readers to be cautious while allowing any third party apps access to your contacts, location, etc. As you can see in the above example, allowing access to location to be shared proves out be a threat to your privacy!
Some great deals to check out for:
- Become zero to hero in cybersecurity using this The A-Z Cybersecurity Developer Bundle which contains more than 170 hours+ of instructions from reputed trainers at just $39.99. To buy or know more about this deal, click here. Original Price: $999
- Protect your online security with Nord VPN and Nord Pass Manager. Buy a 2-year subscription for this combo at just $99.99. To buy more or know more about this deal, click here. Original price: $406
- Protect your system with Heimdal™ Thor Vigilance: Next-Gen Antivirus at just $39.99 for 5 years. To buy it, click here. Original Price: $249
Disclaimer: The above-suggested deals are from third-party vendors and prices mentioned for the above deals may or may not change at the time you buy. We are not responsible for the change in price after 24 hours.
