Wednesday, September 18, 2024
Homecyber security10M+ Downloaded Dating App Discloses User’s Exact Location

10M+ Downloaded Dating App Discloses User’s Exact Location

Published on

In a groundbreaking Check Point Research (CPR) analysis, vulnerabilities have been uncovered in several popular dating applications, cumulatively boasting over 10 million downloads.

This investigation focused on the inherent risks associated with the use of geolocation data—a feature that, while designed to connect users with potential matches in their vicinity, may compromise their privacy.

Among the scrutinized apps, “Hornet,” a widely used gay dating platform, was found to have significant security flaws that could reveal the exact locations of its users.

- Advertisement - EHA

CPR’s research highlighted a technique to pinpoint user coordinates using distance information.

Despite Hornet’s efforts to safeguard user privacy by disabling the display of distances, CPR developed a method that achieved location accuracy within 10 meters in controlled experiments.

Following the discovery, Hornet’s developers have taken steps to mitigate these risks, reducing location accuracy to 50 meters.

However, the initial vulnerability posed a substantial privacy risk to its users.

Understanding Geolocation & Possible Dangers

Geolocation technology can pinpoint the real-world geographic location of a device with varying degrees of accuracy.

Document
Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

While this technology offers numerous benefits, it also presents several privacy and security risks, such as unauthorized data access, unintended sharing with third parties, and potential exploitation by malicious actors.

Methodology for Determining Distance

CPR’s methodology involved sorting users by ascending the distance order and using two known distances to estimate the target user’s location.

 Estimating the approximate distance to the user based on known distances to neighbors
 Estimating the approximate distance to the user based on known distances to neighbors

Additionally, by registering an additional account with controllable coordinates, researchers could refine their search and narrow the distance between the target and the auxiliary account, achieving remarkable precision.

Technique for determining the distance to the user using the positioning of an auxiliary account
Technique for determining the distance to the user using the positioning of an auxiliary account

Trilateration Methodology

The research utilized a two-step trilateration process, initially identifying two possible candidate locations before selecting the correct solution with information from a third reference point.

This method allowed for an astonishingly high accuracy in determining user locations.

The vulnerabilities discovered in the Hornet dating app underscore the significant privacy risks of exposing user geolocation.

The final location estimate has an error of less than 5 meters
The final location estimate has an error of less than 5 meters

Despite improvements made by Hornet’s developers, the potential for location determination remains.

CPR advises users to exercise caution with app permissions and to disable location services to protect their privacy.

This proactive approach can prevent apps from tracking movements and sharing personal data with external entities, ensuring a safer online dating experience.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Discord Announces End-to-End Encryption for Audio & Video Chats

Discord has introduced end-to-end encryption (E2EE) for audio and video chats.Known as the...

Threat Actor Allegedly Selling Bharat Petroleum Database

A threat actor has allegedly put up for sale a database belonging to Bharat...

Chrome 129 Released with Fix for Multiple Security Vulnerabilities

The Chrome team has officially announced the release of Chrome 129, which is now...

VMware vCenter Server Vulnerability Let Attackers Escalate Privileges

VMware has issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities in its...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Discord Announces End-to-End Encryption for Audio & Video Chats

Discord has introduced end-to-end encryption (E2EE) for audio and video chats.Known as the...

Threat Actor Allegedly Selling Bharat Petroleum Database

A threat actor has allegedly put up for sale a database belonging to Bharat...

Chrome 129 Released with Fix for Multiple Security Vulnerabilities

The Chrome team has officially announced the release of Chrome 129, which is now...