Security Experts Slam Group Hook-Up App

Security Experts Slam Group Hook-Up App

Security experts have uncovered major new vulnerabilities in a group hook-up app, exposing private pictures, real-time location and highly sensitive personal details.





Security consultancy Pen Test Partners branded the 3fun app a “privacy train wreck,” claiming the privacy issues it found could end countless careers or relationships.





The app leaked location data right down to the house and building level. Some of the exposed users’ data even put their location on Downing Street and in the White House, although the researchers hypothesized that this could simply be tech-savvy users manually re-writing their position.





“Several dating apps including grindr have had user location disclosure issues before, through what is known as ‘trilateration.’ This is where one takes advantage of the ‘distance from me’ feature in an app and fools it. By spoofing your GPS position and looking at the distances from the user, we get an exact position,” explained Pen Test Partners’ Alex Lomas.





“But, 3fun is different. It just ‘leaks’ your position to the mobile app. It’s a whole order of magnitude less secure.”





Although users can restrict the sending of latitude and longitude information, this is only done client-side, which means the data is still available on the server and can be queried via API, he added.





Also exposed in the privacy snafu were birth dates, private photos – even with privacy settings applied – sexual preference, gender and relationship status.





It goes without saying that su ..

Support the originator by clicking the read the rest link below.