Security experts recently revealed that mobile dating apps are at high risk of being hacked to expose the precise location of the user. This can lead to dangerous consequences like stalking, harassment, blackmail, and other crimes.
Colby Moore and Patrick Wardle, the two researchers from cybersecurity firm Synack who discovered the location-leaking vulnerabilities, mostly used Grindr in their experiment, but they said that all other dating apps that use location services have security issues of the same kind.
The two managed to track people as they moved around the city during the day because Grindr shows signed-up users where they are, and it also shows how far away other users are. Grindr, like other dating apps, uses multiple different sources to generate an exact location from which to measure the distance. To exploit the vulnerability, they sent requests to the servers, each one appearing to come from a different location. This allowed them to estimate the user’s distance from each of these places, and then derive an exact location by triangulation.
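The geometry behind that paragraph shows why an exact distance reading is as sensitive as the coordinates themselves. The sketch below is an added illustration, not code from Synack or Grindr: it works on a flat plane in kilometres with constructed points, and the idea of the service reporting distance in coarse steps is an assumption made here to measure how reported precision affects the result.

```python
import math

# Constructed sample data on a flat plane, units are km (not real coordinates).
TARGET = (3.0, 4.0)
PROBES = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]

def quantize(dist, step):
    """Distance as the service would report it: exact if step == 0,
    otherwise rounded to the nearest multiple of step (hypothetical setting)."""
    return dist if step == 0 else round(dist / step) * step

def trilaterate(probes, dists):
    """Solve for (x, y) from three probe points and the distance to each."""
    (x1, y1), (x2, y2), (x3, y3) = probes
    d1, d2, d3 = dists
    # Subtracting circle 1 from circles 2 and 3 leaves two linear equations.
    a, b = 2 * (x2 - x1), 2 * (y2 - y1)
    c, d = 2 * (x3 - x1), 2 * (y3 - y1)
    e = d1**2 - d2**2 + x2**2 - x1**2 + y2**2 - y1**2
    f = d1**2 - d3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a * d - b * c
    if abs(det) < 1e-12:
        raise ValueError("probe points are collinear; no unique solution")
    return ((e * d - b * f) / det, (a * f - e * c) / det)

def location_error(target, probes, step):
    """Distance in km between the true point and the point implied by
    the reported (possibly quantized) distances."""
    reported = [quantize(math.dist(target, p), step) for p in probes]
    return math.dist(target, trilaterate(probes, reported))

if __name__ == "__main__":
    for step in (0, 1, 5):
        err = location_error(TARGET, PROBES, step)
        print(f"reported distance step {step} km -> position error {err:.3f} km")
```

In this constructed case coarser steps only widen the error; they do not remove the relationship between reported distance and position.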
At the ShmooCon conference, Colby presented the massive security flaw and managed to create a map of all the Grindr users in San Francisco. He also said that the map, coupled with information from social media, could make it very possible to find a user’s identity.
Other researchers say that, while the hack is not exactly simple, they believe the security concern is being abused in Egypt to harass users of the app. Colby also said that Synack had informed Grindr of the vulnerability, and that Grindr in response updated its app in countries where homosexuality is illegal or that have a history of violence against gay people. However, despite Colby’s assurance that he managed to replicate the attack multiple times on participants, Grindr announced that it had “no plans to change the location finding systems in nations where it was used because it was a ‘core function’ of the service rather than a security flaw”, as quoted by the BBC.
To date, only one maker has fixed the loopholes, and even then only in some countries, not all. Other users are still at risk.