
Telegram proxy links expose user IP addresses


A vulnerability in Telegram's handling of proxy links could expose users' real IP addresses with a single click. Security researchers demonstrated that specially crafted links, disguised as ordinary usernames or harmless URLs, could trick Telegram clients into connecting to an attacker-controlled proxy server. This connection reveals the user's IP address before the proxy is even added to their settings. Bleeping Computer provides further coverage.

The exploit targets Telegram's feature for easily configuring MTProto proxies via t.me/proxy links. When a user on Android or iOS taps such a link, the client automatically attempts to connect to the specified proxy server to test it. Attackers can create malicious links that appear innocuous but point to their own proxy servers. Upon clicking, the Telegram app initiates a direct connection, bypassing any existing VPN or proxy, thereby logging the user's actual IP address. This exposed IP can then be used for deanonymization, location tracking, or launching further attacks. The issue was highlighted by researchers who shared proof-of-concept examples.

While Telegram downplayed the severity, stating that IP logging is common to any web service, it has committed to adding warnings for proxy links. This incident underscores the importance of user awareness regarding link manipulation and the potential for seemingly convenient features to be exploited.
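For teams that filter chat content or exported messages, the disguise described above can be checked mechanically. The following is an added example, not code from Telegram or the researchers: it flags links whose visible label does not reveal that the target is a proxy link. It assumes the caller has already extracted (label, URL) pairs; the `tg://proxy` form is Telegram's deep-link equivalent of `t.me/proxy` and is not mentioned in the article, and all sample values are constructed.

```python
from urllib.parse import urlsplit, parse_qs

def parse_proxy_link(url):
    """Return (server, port) if url is a Telegram MTProto proxy link, else None."""
    url = url.strip()
    if "://" not in url:              # labels are often typed without a scheme
        url = "https://" + url
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:                # malformed host, e.g. unbalanced brackets
        return None
    scheme = parts.scheme.lower()
    if scheme == "tg":
        is_proxy = host == "proxy"    # tg://proxy?server=...
    elif scheme in ("http", "https"):
        is_proxy = host == "t.me" and parts.path.rstrip("/").lower() == "/proxy"
    else:
        is_proxy = False
    if not is_proxy:
        return None
    query = parse_qs(parts.query)
    return query.get("server", [""])[0].lower(), query.get("port", [""])[0]

def find_disguised_proxy_links(links):
    """links: iterable of (visible_label, target_url) pairs.
    Flag proxy targets that the visible label does not disclose."""
    findings = []
    for label, url in links:
        target = parse_proxy_link(url)
        # Benign only if the label itself shows the same proxy server and port.
        if target is not None and parse_proxy_link(label) != target:
            findings.append({"label": label, "server": target[0], "port": target[1]})
    return findings

# Constructed sample: documentation IP ranges, example domains, placeholder secrets.
SAMPLE_LINKS = [
    ("@example_support", "https://t.me/proxy?server=203.0.113.7&port=443&secret=PLACEHOLDER"),
    ("@example_channel", "https://t.me/example_channel"),
    ("https://example.org/news", "tg://proxy?server=proxy.example.net&port=8443&secret=PLACEHOLDER"),
    ("t.me/proxy?server=198.51.100.9&port=443&secret=PLACEHOLDER",
     "https://t.me/proxy?server=198.51.100.9&port=443&secret=PLACEHOLDER"),
]

if __name__ == "__main__":
    for f in find_disguised_proxy_links(SAMPLE_LINKS):
        print(f"label {f['label']!r} hides proxy {f['server']}:{f['port']}")
```

A link whose label openly shows the same proxy server and port is not flagged, so a finding means the label and the target disagree.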

Source: Bleeping Computer
