After Facebook breach, Telegram desktop app leaks user data during voice calls

New Delhi, Oct 2: Instant messaging app Telegram's desktop app had a major flaw that exposed both the public and private IP addresses of users during voice calls.

Security researcher Dhiraj Mishra discovered that Telegram's desktop version was leaking both public and private IP addresses whenever users made voice calls over its peer-to-peer framework.

While mobile users could turn off peer-to-peer calls and keep their information secret, you had no choice but to use the technology on the desktop. That could open you to attacks or disclose your location regardless of how careful you might otherwise be.

The company has fixed the issue in both the 1.3.17 beta and 1.4 versions of Telegram by giving you options to either disable peer-to-peer calling entirely or limit it to your contacts.

Mishra received a €2,000 (about $2,300) bounty for the find. It's not Telegram's proudest moment, but the flaw does serve as a reminder that you can't assume an app is airtight simply because of its reputation, even if most of its policies are sound.

Many apps in the past have fallen prey to such issues. Besides, the mining of cryptocurrencies is a lucrative business. But why shell out hefty sums to buy this mining equipment when you can hijack other people's mobiles and computers to do the same for you? Now that's what the hackers are up to.

According to Malwarebytes, hackers managed to breach the security barrier of millions of Android phones through a malicious ad redirect scam. The exact method is yet to be determined, but it seems the users downloaded malicious apps that redirected them to a website.

Story first published: Tuesday, October 2, 2018, 0:25 [IST]