Telegram's desktop app had a major flaw that put both public and private IP addresses of users vulnerable during voice calls. Security researcher Dhiraj Mishra uncovered the flaw in Telegram's peer-to-peer framework. As explained in his blog on inputzero, Telegram forces clients to only use P2P connection for calls.
While mobile users can tweak the settings to keep the information private, the desktop version does not allow for such a setting, resulting in IP addresses getting exposed.
The flaw could have resulted in hackers wrongly gaining access to location data and other information related to IP address. Telegram has since then fixed the flaw by adding the option of 'P2P to Nobody/My contacts' in version 1.3.17 beta and 1.4 versions.
Recently, Telegram added more features and tricks to its iOS and Android versions that allow users to further customize and manage their messages.
Telegram is regularly making headlines as some governments work to ban the popular messaging service for being too-private and secure, therefore potentially giving terrorists a safe place to confidentially plan attacks. Furthermore, the app developers refuse to hand over encryption keys, which earns them more trust with their ‘over 200 million monthly users'.
Self-destructing messages are an attractive feature of the app, allowing users to set a timer for how long the conversation can be viewed. Then there's the ability to delete what has been written and sent, for everybody. Now, Telegram is introducing the same function for media. As the announcement for "Replace Media and Add Captions notes, “Sending the wrong picture by accident is rarely fun,” therefore photos and video can be replaced with correct versions and captions can also be added later.
With inputs from ANI