Anorak News | Grindr weakness lets homophobes keep tabs on you

Grindr weakness lets homophobes keep tabs on you

by | 19th, January 2015



Want to keep track of gays? That quesion to you ISIS and other violent homophobes.

Anyone on Grindr, (the dating app with millions of monthly users) has a weakness.

Arstechnica reports:

 Synack independently confirmed the privacy threat, Grindr officials have allowed it to remain for users in all but a handful of countries where being gay is illegal. As a result, geographic locations of Grindr users in the US and most other places can be tracked down to the very park bench where they happen to be having lunch or bar where they’re drinking and monitored almost continuously, according to research scheduled to be presented Saturday at the Shmoocon security conference in Washington, DC.

…Grindr developers modified the app to disable location tracking in Russia, Egypt, Saudi Arabia, Nigeria, Liberia, Sudan, Zimbabwe, and any other place with anti-gay laws. Grindr also locked down the app so that location information is available only to people who have set up an account. The changes did nothing to prevent the Synack researchers from setting up a free account and tracking the detailed movements of several fellow users who volunteered to participate in the experiment.

The proof-of-concept attack works by abusing a location-sharing function that Grindr officials say is a core offering of the app. The feature allows a user to know when other users are close by. The programming interface that makes the information available can be hacked by sending Grinder rapid queries that falsely supply different locations of the requesting user. By using three separate fictitious locations, an attacker can map the other users’ precise location using the mathematical process known as trilateration.

Synack researcher Colby Moore said his firm alerted Grindr developers of the threat last March. Aside from turning off location sharing in countries that host anti-gay laws and making location data available only to authenticated Grindr users, the weakness remains a threat to any user that leaves location sharing on. Grindr introduced those limited changes following a report that Egyptian police used Grindr to track down and prosecute gay people.

Hey’s it’s the tchnology, right. It’s faultess…



Posted: 19th, January 2015 | In: Technology Comment | TrackBack | Permalink