By Adedapo Adesanya
A security researcher, Mr Ahmed Hassan, has warned Telegram users to be careful of the new feature on the messaging platform called People Nearby.
The latest feature shows a list of other nearby users and their approximate proximity, letting them create group chats based on geographic location.
The feature is turned off by default and must be manually enabled by the user, but it’s an “idiosyncratic addition for an app that markets itself as a private, end-to-end encrypted messaging service,” according to Mr Hassan, who noted that it’s a major security risk.
He warned in a recent blog post that users can fake their geographic location on Telegram, opening them up to potential scams.
In his words, “Many scammers spoof their location and try to sell fake bitcoin investments, hacking tools, SSNs that are used for unemployment fraud, and so on. The number of illegal activities I saw there make the Silkroad look like amateurs ran it.”
Mr Hassan further identified a flaw in the People Nearby feature that could let people with ulterior motives triangulate the exact location of other app-users by using two accounts with fake addresses. This opens users up to hacks, stalking, or worse—and Telegram has announced it has no plans to fix the problem.
Mr Hassan reported the vulnerability to Telegram, but the company says it won’t be patched since it is an optional feature.
In fact, Telegram told Mr Hassan that discovering a user’s specific location is an “expected” outcome of the People Nearby feature in certain cases.
Mr Hassan claimed that the response feels out of character for an encrypted messaging app that sells itself on its privacy features. Even adding a more detailed warning that other users could find your precise location would be helpful, but it doesn’t look like that will happen either.
Although Telegram is generally more secure than other chatting apps, and since the People Nearby feature is turned off by default, this may not seem like a serious issue.
However, users could turn the feature on without knowing, thinking they’re simply broadcasting their general proximity to someone else, and not their exact location, which is why a warning would be warranted. It is believed that if many know about this and stake a claim, it might spur the app to action.
Experts have warned that if users value their privacy, they should not use Telegram’s People Nearby feature.