#ISW, May 8 assessment: "Reports indicate that there is an available open-source tool that allows people to search by specific coordinates for Telegram users who have enabled a certain location-sharing setting."
But of course there is. The russian-engineering, roll-your-own-crypto, cryptocoin-shilling, encrypted-but-not-encrypted messaging app to have a zero-day exploited privacy flaw exposing users' location? I can't imagine where such failures would come from.
Apparently some people are confused about a purportedly secure, private messenger having not just a location sharing capability, but one implemented so badly that it allows a malicious actor to triangulate another user's exact location without permission, an entirely avoidable incident. That's what I call roll-your-own russian engineering. So badly done, it's hard to prove whether it was malicious or just stupid.
@osma Why is this news? Of course a "find people nearby" feature lets you find people nearby, and it should be obvious to anybody with even a passing knowledge of cybersecurity that it's impossible for any app to protect itself against malicious users spoofing their location. If you're on Android, you don't even need a special tool for that, there's a way to set a gps-spoofing app right in developer settings.
Add comment