Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,177
- Points
- 113
Dating apps merge users coordinates with frightening accuracy.
Researchers in Belgium have found that a host of dating apps can threaten users ' privacy by spreading their sensitive data and even their exact location. Karel Dondt and Victor Le Pochat from KU Leuven University analyzed 15 popular apps, including Tinder, Bumble, and Grindr, and came to disappointing conclusions.
As it turned out, all 15 applications allowed some sensitive information to leak, which can be used by intruders. According to the GDPR, such information includes data on ethnic origin, political views, sexual orientation, and health. Le Pochat stressed that access to this data does not even require hacking the servers of a particular service, just technical literacy and traffic monitoring are enough.
Six applications, including Bumble, Grindr and Hinge, allowed potential attackers to determine the exact location of users. This was achieved by analyzing the distances used to select partners.
Dondt and Le Pochat have previously studied data leaks in fitness apps such as Strava, and even presented their findings at the Black Hat Asia 2023 conference, which they plan to do this year at the Black Hat USA 2024 conference. Their new research grew out of Dondt's dissertation on personal data protection.
One of the methods used by researchers to determine the location of users through dating services was trilateration, similar to the GPS method. It allowed you to accurately determine the coordinates of the selected user by using the intersection of circles plotted at known distances.
In the Grindr app, researchers have identified a vulnerability that allows you to determine the user's location with an accuracy of up to a meter, even if they hide information about the distance in their profile. Some applications used the "rounded trilateration" or "oracle-trilateration" method, which also allowed attackers to determine the location fairly accurately. For example, the Badoo, Bumble, and Hinge apps were affected by these vulnerabilities.
The researchers noted that a data leak in dating apps can pose a serious threat to users ' security, including physical security. All because of the intimate nature of interactions in such apps.
Analyzing the traffic of applications, researchers were surprised to find that many of them send much more data than is displayed in the graphical interface. For example, you can hide your gender in Tinder, but this information is still passed to the API.
All companies whose applications were vulnerable were notified by the researchers, and most of the vulnerabilities described above, including location leaks, have already been fixed. However, some companies considered that such leaks do not pose a big threat and, in general, are the originally intended behavior of their application.
Researchers urge users to be careful with what information they share through dating apps. "Apps encourage you to share more information to increase the chances of a match, but what they don't know can't be leaked for sure," Dondt rightly noted.
This study serves as a reminder that in the pursuit of online communication and romantic relationships, we should not forget the price we pay for the apparent ease of such communication. Every user should be aware of their responsibility to protect their personal data and critically evaluate what information they are willing to entrust to the digital world and what they are not.
Source
Researchers in Belgium have found that a host of dating apps can threaten users ' privacy by spreading their sensitive data and even their exact location. Karel Dondt and Victor Le Pochat from KU Leuven University analyzed 15 popular apps, including Tinder, Bumble, and Grindr, and came to disappointing conclusions.
As it turned out, all 15 applications allowed some sensitive information to leak, which can be used by intruders. According to the GDPR, such information includes data on ethnic origin, political views, sexual orientation, and health. Le Pochat stressed that access to this data does not even require hacking the servers of a particular service, just technical literacy and traffic monitoring are enough.
Six applications, including Bumble, Grindr and Hinge, allowed potential attackers to determine the exact location of users. This was achieved by analyzing the distances used to select partners.
Dondt and Le Pochat have previously studied data leaks in fitness apps such as Strava, and even presented their findings at the Black Hat Asia 2023 conference, which they plan to do this year at the Black Hat USA 2024 conference. Their new research grew out of Dondt's dissertation on personal data protection.
One of the methods used by researchers to determine the location of users through dating services was trilateration, similar to the GPS method. It allowed you to accurately determine the coordinates of the selected user by using the intersection of circles plotted at known distances.
In the Grindr app, researchers have identified a vulnerability that allows you to determine the user's location with an accuracy of up to a meter, even if they hide information about the distance in their profile. Some applications used the "rounded trilateration" or "oracle-trilateration" method, which also allowed attackers to determine the location fairly accurately. For example, the Badoo, Bumble, and Hinge apps were affected by these vulnerabilities.
The researchers noted that a data leak in dating apps can pose a serious threat to users ' security, including physical security. All because of the intimate nature of interactions in such apps.
Analyzing the traffic of applications, researchers were surprised to find that many of them send much more data than is displayed in the graphical interface. For example, you can hide your gender in Tinder, but this information is still passed to the API.
All companies whose applications were vulnerable were notified by the researchers, and most of the vulnerabilities described above, including location leaks, have already been fixed. However, some companies considered that such leaks do not pose a big threat and, in general, are the originally intended behavior of their application.
Researchers urge users to be careful with what information they share through dating apps. "Apps encourage you to share more information to increase the chances of a match, but what they don't know can't be leaked for sure," Dondt rightly noted.
This study serves as a reminder that in the pursuit of online communication and romantic relationships, we should not forget the price we pay for the apparent ease of such communication. Every user should be aware of their responsibility to protect their personal data and critically evaluate what information they are willing to entrust to the digital world and what they are not.
Source
