Group Sex App Data Exposes Users in White House and Downing Street

© AP Photo / Manuel Balce CenetaThe new Presidential VH-92 helicopter takes off from the South Lawn of the White House in Washington, Friday, June 14, 2019
The new Presidential VH-92 helicopter takes off from the South Lawn of the White House in Washington, Friday, June 14, 2019 - Sputnik International
Subscribe
A massive vulnerability has been exposed in the group dating app 3fun, with researchers gaining access to a trove of information on its users, including the location data of some of them – the White House and Downing St, 10.

The app, described as a “Curious Couples & Singles Dating” platform, was inspected by security researchers from Pen Test Partners, who discovered the vulnerability, describing it as “probably the worst security for any dating app we’ve ever seen.”

Personal information, sexual preferences, private photos, chat data and users’ real-time locations were all exposed because of the lack of proper user security. 3fun was storing its users’ location data in the app itself, as opposed to keeping it securely on its servers. This allowed the researchers to uncover the data on the client side, even for users who had restricted their location data.

The locations included the White House, the US Supreme Court, and 10 Downing Street in London. However, the security experts did note that it’s “technically possible” that these users faked their locations.

TechCrunch ran the same tests as Pen Test Partners and confirmed its findings. They were able to modify their current geolocation to any set of coordinates, including the White House and the headquarters of the CIA.

Moreover, none of the data was encrypted. The researchers called the app a “privacy trainwreck.” The researchers contacted 3Fun on July 1 to report the bugs, yet Pen Test Partners said the app maker took weeks to fix the issues.

Newsfeed
0
To participate in the discussion
log in or register
loader
Chats
Заголовок открываемого материала