A bug finder claims Telegram's feature People Nearby can be easily exploited to find the exact location and see their profiles. However, Telegram does not seem to find any issue with the feature.

A blog post, Ahmed's Notes, illustrated how the feature can be exploited to track nearby users, see their profiles, and know their locations.

Telegram’s People Nearby Feature can be exploited
(Photo : Christian Wiediger/Unsplash)
Telegram’s People Nearby Feature can be exploited

Telegram's People Nearby Feature can be exploited

The People Nearby feature of Telegram enables sending private messages to other nearby users. Also, profile details of those who activated Make Myself Visible will be displayed to users around them. 

Telegram added this feature in June 2019 while the version 2.0 was rolled out in February 2020. If users enabled the Make Myself Visible option, their profile names and display photos will show up in contacts of those using the People Nearby option. This will allow users to send messages to other users near them, even if they close the app or navigate away from it. 

Bug hunter Ahmed wrote a blog post on how to locate a user with the feature using a simple triangulation. According to Ahmed's Notes post, People Nearby feature can reveal the user's exact location and how far the person is. A user can plot others' three-point coordinates by simply walking within seven miles using a location app such as Fake GPS. They can note how far the person from these locations to and find his or her exact location using these three triangulation circles.

Ahmed noted that having such precise measurement makes the People Nearby feature prone to misuse and exploit. "It is so easy to perform an orchestrated attack on neighbors (more generally, all people within reach)," Ahmed said in reply to a comment.

Read also: Pro Traveller Gives Useful Travel Tips in TikTok, But People Only Noticed How He Wore His Face Mask

Telegram finds no issue with the People Nearby feature

On Dec. 22, Ahmed claimed to have reached out to Telegram with complete details about how the exploit can be performed and the company asked him to create a video of it, which he did. After 14 days, Telegram noted that the People Nearby section is disabled by default while users who op to share their location could enable the feature.

Telegram’s People Nearby Feature can be exploited
(Photo : own work)
Telegram’s People Nearby Feature can be exploited

"It's expected that determining the exact location is possible under certain conditions," Telegram said in the email shared by Ahmed in his post. The company added its bug bounty program does not cover the exploit.

Good thing, it can be easily fixed by simply switching off the Make Myself Visible option, which is turned off by default.

With almost 500 million users using Telegram, which touts its privacy features, particularly the end-to-end encrypted video calling for iOS and Android apps, although group calling is currently not yet available. Users can make video calls to anyone in their contacts while they can also have chats at the same time.

Meanwhile, Telegram will be introducing new features later in 2021 that Premium users can pay for as the platform aims to reach billions of users across the globe. However, all features that are currently free will remain free.

Related article: Telegram Introduces Voice Group Chat Feature, Similar to Discord

This is owned by Tech Times

Written by CJ Robles 

ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.