An exploit recently discovered in the current generation of Grindr applications allows anyone with an internet connection and skill enough to query Grindr’s servers. Grindr, and applications like that, function using a cell phone’s geo-location information based on a combination of cell phone signal, proximity to wi-fi hot spots, and use of GPS tech. Generally, Grindr will provide users with a general idea of where they are in relation to one another denoted in a chosen unit of measurement.
When questioned about the security flaw, a Grindr representative claimed that the sharing of location data was a feature of the application, rather than a mistake. This particular bug, however functions somewhat differently than how the average Grindr user’s phone might.
By pinging Grindr’s servers for location requests linked to a particular Grindr user multiple times, it is possible to triangulate a person’s exact location with a degree of accuracy uncharacteristic of the application. In addition to detailed location information, it is possible to parse all of the information included on a Grindr user’s profile. All of this can be achieved without actually using Grindr from either a phone or a tablet, as explained by NDTV. The only protection that Grindr users have at their disposal currently is to completely disable any locational permissions given to the app, effectively crippling it.
According to NDTV, an anonymous samaritan has been using the flaw to let people using Grindr in countries known to be hostile towards gays know that their identities could, in theory, be compromised. As of the 19th, the hacktivist reported having contacted 100,000 Grindr users in over 70 countries with anti-gay laws in effect. Since then they’ve taken to posting warnings to a Twitter profile, YouTube Channel, and a Pastebin text page.
Watch a video demonstration explaining the security exploit, AFTER THE JUMP…
UPDATE: Grindr has reached out to us about this report, releasing the following statement:
"We don’t view this as a security flaw. As part of the Grindr service, users rely on sharing location information with other users as core functionality of the application and Grindr users can control how this information is displayed. For Grindr users concerned about showing their proximity, we make it very easy for them to remove this option and we encourage them to disable ‘show distance’ in their privacy settings. As always, our user security is our top priority and we do our best to keep our Grindr community secure."
