10M+ Downloaded Dating App Discloses User’s Exact Location

In a groundbreaking Check Point Research (CPR) analysis, vulnerabilities have been uncovered in several popular dating applications, cumulatively boasting over 10 million downloads.

This investigation focused on the inherent risks associated with the use of geolocation data—a feature that, while designed to connect users with potential matches in their vicinity, may compromise their privacy.

Among the scrutinized apps, “Hornet,” a widely used gay dating platform, was found to have significant security flaws that could reveal the exact locations of its users.

CPR’s research highlighted a technique to pinpoint user coordinates using distance information.

Despite Hornet’s efforts to safeguard user privacy by disabling the display of distances, CPR developed a method that achieved location accuracy within 10 meters in controlled experiments.

Following the discovery, Hornet’s developers have taken steps to mitigate these risks, reducing location accuracy to 50 meters.

However, the initial vulnerability posed a substantial privacy risk to its users.

Understanding Geolocation & Possible Dangers

Geolocation technology can pinpoint the real-world geographic location of a device with varying degrees of accuracy.

Document
Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

While this technology offers numerous benefits, it also presents several privacy and security risks, such as unauthorized data access, unintended sharing with third parties, and potential exploitation by malicious actors.

Methodology for Determining Distance

CPR’s methodology involved sorting users by ascending the distance order and using two known distances to estimate the target user’s location.

Estimating the approximate distance to the user based on known distances to neighbors

Additionally, by registering an additional account with controllable coordinates, researchers could refine their search and narrow the distance between the target and the auxiliary account, achieving remarkable precision.

Technique for determining the distance to the user using the positioning of an auxiliary account

Trilateration Methodology

The research utilized a two-step trilateration process, initially identifying two possible candidate locations before selecting the correct solution with information from a third reference point.

This method allowed for an astonishingly high accuracy in determining user locations.

The vulnerabilities discovered in the Hornet dating app underscore the significant privacy risks of exposing user geolocation.

The final location estimate has an error of less than 5 meters

Despite improvements made by Hornet’s developers, the potential for location determination remains.

CPR advises users to exercise caution with app permissions and to disable location services to protect their privacy.

This proactive approach can prevent apps from tracking movements and sharing personal data with external entities, ensuring a safer online dating experience.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

The Rise of AI-Generated Professional Headshots

It’s clear that a person’s reputation is increasingly influenced by their online presence, which spans…

11 hours ago

Hackers Abuse Google Ads To Attacking Graphic Design Professionals

Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals, as…

14 hours ago

Hackers Using New IoT/OT Malware IOCONTROL To Control IP Cameras, Routers, PLCs, HMIs And Firewalls

Recent cyberattacks targeting critical infrastructure, including fuel management systems and water treatment facilities in Israel…

14 hours ago

Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads

Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source…

15 hours ago

Hackers Weaponizing Microsoft Teams to Gain Remote Access

Recent cybersecurity research has uncovered a concerning trend where hackers are exploiting Microsoft Teams to…

16 hours ago

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every second,…

3 days ago