Features that sometimes released for adding functionality could turn to be loopholes. A feature that Telegram launched recently is one like that – called People Nearby. A researcher has described this as a loophole, as he’s able to detect the precise location of a nearby user, and warns about potential threats.
Telegram’s People Nearby – Bug or Feature?
Telegram has rolled out a new feature called People Nearby, which would let users explore nearby Telegram users who’re in that section at that time. This could be cool, as it let’s other interested people to engage, and also lets users create local groups.
Under this, they have to enable location services to let Telegram spot their approximate location, and list them in the People Nearby section. But, this was seen in another way by an independent researcher called Ahmed Hussian, who claims this as a security threat.
He said that People Nearby can be exploited using simple and free tools by a threat actor to spoof his location and be explored by others. This way, he could connect with targets or join groups and spam them with fake bitcoin investments, hacking tools, stolen social security numbers, and other scams.
He demonstrated this using a rooted Android phone and a free GPS spoofing app and made a video too. He shared his findings to Telegram hoping that would garner a bounty, but the company replied to him saying it’s never a bug, but an intended feature, and concluded that it doesn’t cover in their bug bounty program.
Telegram also said that this feature is off by default, and would only be used by people who intentionally opt for it. Thus, it all depends on how the feature will be used, good or bad. And it’s recommended that Telegram users keeping this feature off unless it’s necessary.