Grindr has a major security flaw that can pinpoint a user’s exact location

Grindr has a major security flaw that can pinpoint a user’s exact location

Grindr has been exposed for having some major security flaws.

The flaws were first discovered by Trever Faden who first announced his genius regarding the means to know who has blocked you on Grindr using his site, C*ckblocked. The site allows users to enter their Grindr info and see who has blocked them on the app.

Once the info was entered, Faden however says he found another, even bigger security loophole.

He told NBC he was able to gain access to all sorts of other data not publicly available on user profiles, including unread messages, email addresses, deleted photos, and the location data of users, even those who opted not to publicly share their locations.

“One could, without too much difficulty or even a huge amount of technological skill, easily pinpoint a user’s exact location,” Faden says.

And by “exact location,” he means right down to the exact area of the building in which a user was located, which can be found in mere minutes by anyone with the know-how.

But it gets creepier.

NBC reports:

“Faden also discovered a separate security flaw related to location data that did not require users to log in to any third-party apps or websites with their Grindr credentials. Grindr requires users to send location data to its servers in order for the app to work. Some of that information is not encoded, meaning that passive observers of internet traffic — for instance, on a public Wi-Fi network watched over by a country’s government — can identify the location of anyone who opens the app.”

Yikes.

“There are a million reasons why you might not want someone to find your location through Grindr, and Grindr is dealing with that as a non-issue,” Cooper Quintin, a security researcher at the Electronic Frontier Foundation, tells NBC. “They’re putting people’s lives at risk by doing that.”

Faden says he has no intention of using the data his website has collected for nefarious purposes. He merely wants to use the experiment to raise awareness to some very serious security flaws on one of the most popular dating apps among gay men.

“The single weakest point in most security chains is often the human element,” he says. “Not backdoors, not weak authentication schemes — just people with malicious intent that know enough to dupe other people.”

Print Friendly, PDF & Email
Previous Safe Now, Sorry Later
Next #HowIResist Campaign 15

About author

You might also like

The Happenings 98 Comments

Those Headies Awards Moments When Olamide had something to say and Don Jazzy had something else to say

Things got very interesting at the 2015 Headies Awards when Olamide (and the whole YBNL crew) escorted Adekunle Gold on stage to collect his award for “Best Alternative Song”. Leading

Print Friendly, PDF & Email
The Happenings 58 Comments

Dolce And Gabbana Respond To Backlash Over Controversial Remarks

Gay designing duo, Dolce and Gabbana has responded to a boycott of their brand by celebrities including Elton John, Ricky Martin, Sharon Stone, and Ryan Murphy with about as little

Print Friendly, PDF & Email
The Happenings 28 Comments

‘We Follow a Jesus I Do Not Recognize.’ Rev. Colin Coward in a Facebook Rant

The Rev. Colin Coward, MBE, director of Changing Attitude England, recently wrote on Facebook about his displeasure with homophobia in Africa and the distortion of Christianity by those who are

Print Friendly, PDF & Email

1 Comment

  1. paradox
    April 03, 22:41 Reply

    It is that fact that they are too porous enough to share statuses of their users that annoys me. Apparently, this was the REAL reason why they started this status crap couple of years back

Leave a Reply