Seek sex, find grief

With online security (or lack of it) in the news again, how’s this for a tale of what can go wrong if app devs don’t think things through…

Australian T3 - OPINION

My regular readers will know that I have written before about web security and how, at heart, nobody cares about it. Not even you.

Have you, for instance, pulled your “adult” pics off of iCloud after the megaceleb-nude-misogyny-fest of August 2014? No, of course you haven’t.

How about if it could get you into real trouble, though? A less publicised recent coding fail related to the gay, ahem, “chat” app Grindr. This allows chaps who wish to “chat” with other chaps to find them in the local area. It’s an IM app with a strong geolocation element, basically.

Last month, somebody messaged me on Grindr to point out a security flaw in it. Not just me – the hacker was mass-mailing users.

The flaw: Grindr reveals your distance from FUNnow57, or whoever you may be lining up for a good, hard chatting; that’s its USP. However, with a bit of ingenious coding, you can ping FUNnow57 from several locations at once. Via the miracle of triangulation, you now know exactly where he is. And why do you know that? Because Grindr’s geolocation data is both reasonably accurate and totally unencrypted.

Sure enough, following the link the mystery white hat had shared in his message, I could view a map overlaid with the location of every local Grindr user, including, more or less, my own location – it was within 20 metres or so, anyway.

I must admit my initial thought was, “That’s neat – Gaygle Maps!”

However, not every user of the app lives in a Western idyll where nobody much cares about sexual orientation – or if they do, they’re polite enough to put up with it so long as it’s not “shoved down their throats”. Yup.

Grindr, though, has a slightly more nuanced use in certain other countries: it lets gays find other gays without the threat of harassment, assault or having the Saudi religious police kick their door down in the morning. Or, at least, that’s what users in those countries thought it did.

I’m sure Grindr’s devs never considered this when they built the app. Just getting it to work without crashing, while showing you an advert every 15 f**king seconds, seems to be the limit of their ambitions/skill. The global nature of smartphone connectivity means an app meant for one place and purpose ends up being used in ways it was never intended. That’s not their fault.

You’ve got to say, though, they didn’t exactly cover themselves in glory after their security hole was pointed out. Subsequent updates didn’t appear to fix the exploit, but they did seem to try to stop anyone sending mass messages on their system. Ones saying, for instance, “Hey, Iranian guy! Using this app could get you killed!” So that’s nice.

Now, will actual danger to life and liberty cause Grindr users to take their online security seriously? I hope so, I really do. But if not, my original point is proved, I’d say.
