Security News > 2021 > January > Telegram Triangulation Pinpoints Users’ Exact Locations

A feature that allows Telegram users to see who's nearby can be misused to pinpoint your exact distance to other users - by spoofing one's latitude and longitude.

According to bug-hunter Ahmed Hassan, the "People Nearby" feature could allow an attacker to triangulate the location of unsuspecting Telegram users.

It's possible to spoof one's location for three different points, and then use the resulting three distances to precisely pinpoint where a target is, the researcher found.

"After [that]spoof the location near the user within a seven-mile radius limit. That's the limit Telegram has in placethen collect how far that person is from that point. Repeat three times."

Armed with the three locations, an attacker can then open Google Earth Pro, plug in the spoofed locations, and use a ruler to find the middle point between the three.

To fix it, the company could round user locations to the nearest mile "And add a static random noise," Hassan said.

News URL

https://threatpost.com/telegram-triangulation-users-locations/162762/