Flaw in Tinder Dating App Allowed Hackers to Determine the Exact Location of Any User


Video: http://www.youtube.com/watch?feature=player_embedded&v=3E2DwdS_PvQ

Last year, when it fixed a privacy vulnerability in its dating app, Tinder might have actually introduced a new bug that exposed the exact location of any user. The security hole has been fixed.

The old vulnerability, which enabled hackers to query the Tinder API and obtain the coordinates of any user, was addressed in July 2013. Later, in October 2013, researchers from Include Security identified and reported another security hole.

This flaw exposed the exact latitude and longitude of any user. Experts built an app, called TinderFinder (it’s not being made public), to obtain a target’s exact location by using triangulation.

Include Security says this type of vulnerability is not specific to Tinder; similar issues are found in many mobile apps.

The flaw was fixed by Tinder sometime between December 2 and January 1. Tinder hasn’t been too keen on sharing fix details with the security researchers.

You can check out the video published by Include Security to see how this attack worked. Additional technical details are available on Include Security’s blog.
