MANILA, Philippines – A TechCrunch report confirmed that one’s IP address can leak via an exploit found on messaging app Telegram.

Just by simply accepting a voice call from a contact with know-how of the exploit, a user’s IP address – a unique string of numbers serving as identifier, assigned to devices connected to the internet – can be stolen.

The tech site confirmed the findings of security researcher Denis Simonov, who was able to obtain the IP address of a test device used by TechCrunch to simulate the exploit. 

A leaked IP address holds some danger. As cybersecurity firm Kaspersky points out, “A sophisticated hacker or cyber criminal may be able to discover your approximate location or even your actual physical address using your IP address.” 

“Typically, this information isn’t available to just anyone – in fact, you normally need a court order to receive it. But someone utilizing advanced IP lookup tools may be able to obtain a physical address illegally.” 

Other online activities such as internet searches may also be seen by unwanted parties. VPN provider NordVPN also warns that a stolen IP address could open up a user to DDoS attacks, being framed for illegal online activities, and phishing incidents. 

Since the exploit requires that the hacker must be added to one’s Telegram contact list, users should be extremely careful on who they add on the popular messaging app. 

TechCrunch explains that this isn’t the first time that such an exploit on Telegram has been found. 

In Telegram’s explanation, however, that the exploit is rooted in one of the methods by which the app enables calls. By default, the app uses a peer-to-peer connection “for better quality and reduced latency,” Telegram spokesperson Remi Vaughn told TechCrunch.

As the site shows, this option can be turned off by going to settings, ang going to Privacy and Security, and then Calls, and then selecting “Never” in the Peer-to-Peer menu. 

Telegram shows a message, explaining the settings: “Disabling peer-to-peer will relay all calls through Telegram servers to avoid revealing your IP address but may decrease audio and video quality.” 

For trusted contacts, there’s also a setting that allows users to add exceptions, letting them use peer-to-peer for better quality. – Rappler.com