Saturday, August 30, 2014

Flaw In Grindr Infrastructure Allows For Spying On Exact Location, Profile Details

An exploit recently discovered in the current generation of Grindr applications allows anyone with an internet connection and enough skill to query Grindr’s servers. Grindr, and applications like it, function using a cell phone’s geolocation information, which is based on a combination of cell phone signal, proximity to Wi-Fi hot spots, and GPS. Generally, Grindr gives users a general idea of where they are in relation to one another, expressed in a chosen unit of measurement.

When questioned about the security flaw, a Grindr representative claimed that the sharing of location data was a feature of the application, rather than a mistake. This particular bug, however, functions somewhat differently from how the average Grindr user’s phone does.

By pinging Grindr’s servers multiple times with location requests linked to a particular Grindr user, it is possible to triangulate a person’s exact location with a degree of accuracy uncharacteristic of the application. In addition to detailed location information, it is possible to parse all of the information included on a Grindr user’s profile. All of this can be achieved without actually using Grindr from either a phone or a tablet, as explained by NDTV. The only protection that Grindr users currently have at their disposal is to completely disable any location permissions given to the app, effectively crippling it.
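
Triangulating someone from distance readings requires readings taken from several different claimed positions, so a service can look for accounts that query the same user from widely separated positions faster than anyone could travel. The sketch below is an added example, not code from Grindr or from the original post; the log fields, sample records and thresholds are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed sample log: (unix_time, requester_id, claimed_lat, claimed_lon, target_id).
# Field names and values are hypothetical, not Grindr's real log format.
SAMPLE_LOG = [
    (1000, "acct-A", 52.5200, 13.4050, "user-9"),
    (1020, "acct-A", 52.5300, 13.4400, "user-9"),
    (1040, "acct-A", 52.5000, 13.4300, "user-9"),
    (1000, "acct-B", 48.8566, 2.3522, "user-9"),
    (1900, "acct-B", 48.8570, 2.3530, "user-9"),
    (2800, "acct-B", 48.8580, 2.3525, "user-7"),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_multi_vantage(log, window_s=300, min_sep_km=0.5, min_points=3, max_kmh=150):
    """Return sorted (requester, target) pairs that look like position sweeps."""
    by_pair = defaultdict(list)
    for ts, requester, lat, lon, target in log:
        by_pair[(requester, target)].append((ts, lat, lon))
    flagged = []
    for pair, reqs in by_pair.items():
        reqs.sort()
        for i, (t0, _, _) in enumerate(reqs):
            window = [r for r in reqs[i:] if r[0] - t0 <= window_s]
            # Greedily keep claimed positions that are well separated from each other.
            vantages = []
            for r in window:
                if all(haversine_km(r[1], r[2], v[1], v[2]) >= min_sep_km for v in vantages):
                    vantages.append(r)
            # Implied travel speed between consecutive vantage points.
            too_fast = any(
                haversine_km(a[1], a[2], b[1], b[2]) / max((b[0] - a[0]) / 3600, 1e-9) > max_kmh
                for a, b in zip(vantages, vantages[1:])
            )
            if len(vantages) >= min_points and too_fast:
                flagged.append(pair)
                break
    return sorted(flagged)
```

On the constructed log, only the account that reports three positions kilometres apart within 40 seconds while asking about the same user is flagged; the account that moves a few metres over half an hour is not.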

According to NDTV, an anonymous samaritan has been using the flaw to let people using Grindr in countries known to be hostile towards gays know that their identities could, in theory, be compromised. As of the 19th, the hacktivist reported having contacted 100,000 Grindr users in over 70 countries with anti-gay laws in effect. Since then they’ve taken to posting warnings to a Twitter profile, a YouTube channel, and a Pastebin text page.
