Telegram Bot Security Questions

[jmai444]

This is more of a question than an issue.

I noticed some Telegram related error messages in my log at a time when I am certain no activity should have occurred. The system was disarmed and the phone was sitting next to me on the sofa.

Sep 30 10:25:33 raspberrypi rpi-security.py:Dummy-1 Motion detected but current_state is: disarmed
Sep 30 10:26:01 raspberrypi rpi-security.py:dispatcher Update "None" caused error "Invalid server response"
Sep 30 10:26:02 raspberrypi rpi-security.py:dispatcher Update "None" caused error "Invalid server response"
Sep 30 10:26:04 raspberrypi rpi-security.py:dispatcher Update "None" caused error "Invalid server response"
Sep 30 10:26:05 raspberrypi rpi-security.py:dispatcher Update "None" caused error "Invalid server response"
Sep 30 10:26:33 raspberrypi rpi-security.py:Dummy-1 Motion detected but current_state is: disarmed

Could someone else be chatting with my bot?

Is there anything stopping others from issuing commands to my bot?

Or barring that, does anything prevent the bot from acting on those commands?

Thanks

[FutureSharks]

Those errors are just network issues. The bot connection is persistent so any issues or latency sometimes show errors.

But you bring up a good point about privacy. I don't think there is any way to stop someone sending your bot commands other than they won't know it's name. As far as I can see you can't search for bots either.

Maybe I could add a filter to only accept commands from a specific user or users but I would have to investigate a little.

[jmai444]

Thanks for the reply.

Could the bot be made to action commands solely from the first person to chat with it by comparing to to the saved chat id?

[FutureSharks]

Done: https://github.com/FutureSharks/rpi-security/pull/15