A security hole in Tinder revealed your real location, report says
A security breach in the API of Tinder, one of the fairly popular iOS/Android location-based dating apps, made it possible for wrongdoers to find your exact whereabouts.
The hole was discovered by a whitehat hacker, Max Veytsman with Include Security, whose report on the issue states that if you have basic knowledge in geometry and know a certain Tinder user's ID, you can easily locate them via a a simple trilateration principle, similar to "how GPS and cellphone location services work". Mr. Veytsman also says that "a very high decree of accuracy (within 100ft)" was achieved during his initial experiments. As if this isn't bad enough, there's no way to tell whether this technique has been used against a certain Tinder user, because it doesn't leave a trace in Tinder's servers.
Yet, this is not the first location-based security hole in the dating app. Back in 2013, another, even bigger breach in Tinder enabled almost anyone with basic programming skills to make a query to its API and get the current coordinates of any given user. This security flaw was patched by Tinder's developer several months ago, however, the patch might have spawned the latest hole, which Max Veytsman revealed.
You can check out Tinder for free. If you dare, of course.
Download: Tinder (Android | iOS)
source: Include Security via Engadget
The hole was discovered by a whitehat hacker, Max Veytsman with Include Security, whose report on the issue states that if you have basic knowledge in geometry and know a certain Tinder user's ID, you can easily locate them via a a simple trilateration principle, similar to "how GPS and cellphone location services work". Mr. Veytsman also says that "a very high decree of accuracy (within 100ft)" was achieved during his initial experiments. As if this isn't bad enough, there's no way to tell whether this technique has been used against a certain Tinder user, because it doesn't leave a trace in Tinder's servers.
The whitehat hacker got in touch with Tinder's developer and informed it about the API's weakness. Fortunately, it seems that the security hole is no more.
You can check out Tinder for free. If you dare, of course.
Download: Tinder (Android | iOS)
source: Include Security via Engadget
Things that are NOT allowed: