

Grindr hacked, user privacy at risk




Sydney Morning Herald:

It is understood the hacker took advantage of the fact the apps used a personalised string of numbers known as a hash, instead of a user name and password, to log in. The hash is exchanged between users' smartphones so they can communicate with each other but the hacker discovered it could be replaced with another user's hash to enable the hacker to:

- Log in as any user
- See the user's favourites
- Change their profile information and profile picture
- Talk to others as the user
- Access pictures sent to the user
- Impersonate a user's "favourite" and talk to them as a friend

A security expert - who did not wish to be named because he didn't have Mr Simkhai's permission to analyse his systems - said that the Grindr and Blendr apps "had no real security".

They are "very poorly designed ... [with] poor session security and authentication", the expert said. "It wouldn't be too hard to secure this."
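
The design flaw described in the quoted report, next to one way to fix it, as an added example (not code from the article or from either app): the identifier that other users' phones see is kept separate from a secret, server-issued session token. All names and sample values here are constructed, and the password-based login is an assumption about what a corrected design would use.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: per-user hashes that other clients get to see.
PUBLIC_HASHES = {"hash-alice": "alice", "hash-bob": "bob"}

def weak_authenticate(presented_hash):
    """Design as reported: whoever presents a user's hash is that user."""
    return PUBLIC_HASHES.get(presented_hash)

class SessionStore:
    """Hardened form: password login, then a random secret session token."""

    def __init__(self):
        self._creds = {}     # user -> (salt, PBKDF2 digest)
        self._sessions = {}  # sha256(token) -> user; raw tokens are not stored

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._creds[user] = (salt, self._kdf(password, salt))

    def login(self, user, password):
        # Unknown users get a dummy salt so the KDF still runs before failing.
        salt, stored = self._creds.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._kdf(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits, never sent to other users
        self._sessions[hashlib.sha256(token.encode()).hexdigest()] = user
        return token

    def authenticate(self, token):
        """Map a presented token to a user, or None if it was never issued."""
        return self._sessions.get(hashlib.sha256(token.encode()).hexdigest())

    def logout(self, token):
        """Invalidate a session so a leaked token stops working."""
        self._sessions.pop(hashlib.sha256(token.encode()).hexdigest(), None)
```

With this split, the public hash can still be exchanged between phones for messaging, but presenting it to the server authenticates nobody.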
