There are fears in the gay community that a popular “meat-market” smartphone app might be used to out millions of users.
The Grindr app was designed to allow gay men to meet other gay men who may be just metres away by using their smartphone’s Global Positioning System (GPS) as a gayda.
However, a Sydney hacker has managed to turn over the system and gain access to intimate personal chats, explicit photos and private information of users.
It is thought that the app has about a million users.
Apparently the hacker discovered a way to log in as another user, impersonate that user, chat and send photos on their behalf.
According to the Sydney Morning Herald, the same vulnerabilities are also present in Blendr, which is the straight version of the app. One security expert told SMH that both apps had “no real security” and were “poorly designed”.
The founder of the apps, Joel Simkhai, conceded both were vulnerable and he was rushing to release a patch to fix the problems.
However, he did not know until the weekend that text chats could be monitored and claimed the company had never experienced a “major breach” in which a large portion of users were affected.
The Sydney hacker opened a website that listed users’ Grindr pseudonyms, passwords, personal favourites and bookmarked friends, and allowed users to be impersonated, so that messages could be sent and received without their knowledge. At one point, the website also allowed users’ profile pictures to be replaced.
So far the hacker has been using the flaw to prank Grindr users by changing their profile pictures to explicit images, resulting in them being banned.
But the potential to use the flaw for blackmail or queer bashing is high.