Saturday, January 25, 2025
Homecyber security10M+ Downloaded Dating App Discloses User’s Exact Location

10M+ Downloaded Dating App Discloses User’s Exact Location

Published on

SIEM as a Service

Follow Us on Google News

In a groundbreaking Check Point Research (CPR) analysis, vulnerabilities have been uncovered in several popular dating applications, cumulatively boasting over 10 million downloads.

This investigation focused on the inherent risks associated with the use of geolocation data—a feature that, while designed to connect users with potential matches in their vicinity, may compromise their privacy.

Among the scrutinized apps, “Hornet,” a widely used gay dating platform, was found to have significant security flaws that could reveal the exact locations of its users.

CPR’s research highlighted a technique to pinpoint user coordinates using distance information.

Despite Hornet’s efforts to safeguard user privacy by disabling the display of distances, CPR developed a method that achieved location accuracy within 10 meters in controlled experiments.

Following the discovery, Hornet’s developers have taken steps to mitigate these risks, reducing location accuracy to 50 meters.

However, the initial vulnerability posed a substantial privacy risk to its users.

Understanding Geolocation & Possible Dangers

Geolocation technology can pinpoint the real-world geographic location of a device with varying degrees of accuracy.

Document
Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

While this technology offers numerous benefits, it also presents several privacy and security risks, such as unauthorized data access, unintended sharing with third parties, and potential exploitation by malicious actors.

Methodology for Determining Distance

CPR’s methodology involved sorting users by ascending the distance order and using two known distances to estimate the target user’s location.

 Estimating the approximate distance to the user based on known distances to neighbors
 Estimating the approximate distance to the user based on known distances to neighbors

Additionally, by registering an additional account with controllable coordinates, researchers could refine their search and narrow the distance between the target and the auxiliary account, achieving remarkable precision.

Technique for determining the distance to the user using the positioning of an auxiliary account
Technique for determining the distance to the user using the positioning of an auxiliary account

Trilateration Methodology

The research utilized a two-step trilateration process, initially identifying two possible candidate locations before selecting the correct solution with information from a third reference point.

This method allowed for an astonishingly high accuracy in determining user locations.

The vulnerabilities discovered in the Hornet dating app underscore the significant privacy risks of exposing user geolocation.

The final location estimate has an error of less than 5 meters
The final location estimate has an error of less than 5 meters

Despite improvements made by Hornet’s developers, the potential for location determination remains.

CPR advises users to exercise caution with app permissions and to disable location services to protect their privacy.

This proactive approach can prevent apps from tracking movements and sharing personal data with external entities, ensuring a safer online dating experience.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...