A security researcher reported that the People Nearby allows others to find the exact location and see the profiles of other users.
Security researcher Ahmed Hassan reported that the People Nearby allows others to find the exact location and see the profiles of other users.
According to Hassan’s blog, Ahmed’s Notes, the feature allows sending private messages to other nearby users but also reveals the personal details of those who choose to make themselves visible and provide their distance.
“If someone spoofs their latitude, longitude, they can triangulate a user and find their location. It is so easy to perform an orchestrated attack on neighbors (more generally, all people within reach),” warned Hassam.
Hassam added that since nearby users could create geographical groups, scammers often spoof their location to join them in order to sell fake bitcoin investments, hacking tools, stolen social security numbers, and other scams.
Ahmed reportedly contacted Telegram regarding the issue but the company replied that there is no issue with the feature and that it is turned off by default.
Telegram added that the feature is not included in their bug bounty program.