Major vulnerability in Tinder dating app allowed user tracking
Posted on 20 February 2014.
Include Security unveiled new research showing that users of the popular online dating app Tinder were at significant risk due to a vulnerability the researchers discovered in the geo-location feature of the application. This vulnerability allowed Tinder users to track each other's exact location for much of 2013.


Researchers first discovered the flaw and reported it to Tinder this past fall, noting that the vulnerability would allow any Tinder user to find another user's location if the Tinder app is running, or their last known location if not.

Using an algorithm called trilateration, researchers were able to get the exact latitude and longitude co-ordinates for any Tinder user.

Anyone with rudimentary programming skills could query the Tinder API directly and pull down the co-ordinates of any user. This resulted in a privacy violation for the users of the application.

Erik Cabetas, Managing Partner and Founder of Include Security, said, "Due to Tinder's architecture, it is not possible for one Tinder user to know if another took advantage of this vulnerability during the time of exposure. The repercussions of a vulnerability of this type were pervasive given Tinder's massive global base of users. Once our research team discovered it, we reported the vulnerability directly to Tinder and followed up multiple times between October and December 2013 to ensure they were addressing the problem."

At some point between December and early January, Tinder did issue a fix for this problem.

"As more and more applications are being built to include geo-location services, there is an increased risk to the privacy and safety of users," added Cabetas. "Application vendors and developers have a responsibility to ensure their users' privacy and security is protected, vulnerabilities are communicated promptly, and priority is given to developing important fixes like this."

Here's a video of the vulnerability in action:






COPYRIGHT 1998-2014 BY HELP NET SECURITY.