Grindr fixes issue that let hackers easily hijack accounts

A New Kind of Male Sex Toy

The Arcwave Ion, a new sex toy from a company called Wow Tech, promises a different kind of male orgasm. They deliver... kind of. BTW, friends, this review is NSFW. Wow Tech makes the disgustingly-named Womanizer, a popular ladies toy that uses vibration...

Google Fi starts selling 5G phones from Samsung

Google Fi customers have been able to use unlocked Samsung phones on the MVNO’s network for years, but now those same customers can now buy a Samsung Galaxy device directly from the search giant. On the Fi website, the company has...

Waymo rolls out its driverless robo-taxi service in Arizona

Waymo, the self-driving unit of Alphabet, said Thursday that it’s offering its fully driverless robo-taxis to all customers of its ride-hailing service in Phoenix, Arizona. Previously, the company only afforded its fleet of unmanned...

How to Fix the iOS 14 Bug That Causes Major Battery Drain

Apple’s new iOS 14 has brought iPhone users a trove of wonders. But one cannot have wonders without some bugs. So if you recently noticed that your iPhone seems to suffer massive battery drain after upgrading to iOS 14, we want...

The popular LGBT+ hook-up app Grindr has fixed a glaring security flaw that allowed hackers to take over any account if they knew the user’s registered email address, TechCrunch reports.

Wassime Bouimadaghene, a French security researcher, originally uncovered the vulnerability in September. But after he shared his discovery with Grindr and was met with radio silence, he decided to team up with Australian security expert Troy Hunt, a regional director at Microsoft and the creator of the world’s largest database of stolen usernames and passwords, Have I Been Pwned?, to draw attention to an issue that put Grindr’s more than 3 million daily active users at risk.

Hunt shared these findings with the outlet and on his website Friday, explaining that the problem stemmed from Grindr’s process for letting users reset their passwords. Like many social media sites, Grindr uses account password reset tokens, a single-use, machine-generated code to verify that the person requesting a new password is the owner of the account. When a user asks to change their password, Grindr sends them an email with a link containing the token that, once clicked, lets them reset their password and regain access to their account.

However, Bouimadaghene discovered a serious issue with Grindr’s password reset page: Instead of solely sending the password reset token to a user’s email, Grindr also leaked it to the browser. “That meant anyone could trigger the password reset who had knowledge of a user’s registered email address, and collect the password reset token from the browser if they knew where to look,” TechCrunch reports.

In short, just by knowing the email address a user had associated with their Grindr account, a hacker could easily create their own clickable password reset link using the leaked token and hijack the account, gaining instant access to a user’s pictures, messages, HIV status, and more.

Hunt confirmed the vulnerability after setting up a test account with fellow security researcher Scott Helme. In his post Friday, Hunt called it “one of the most basic account takeover techniques I’ve seen.”

I cannot fathom why the reset token—which should be a secret key—is returned in the response body of an anonymously issued request,” he continued. “The ease of exploit is unbelievably low and the impact is obviously significant, so clearly this is something to be taken seriously.

And yet, it wasn’t. According to his post, Bouimadaghene reached out to Grindr’s support team on Sep. 24 and walked them through the potential account takeover process. A company representative told him that Grindr’s developers had been notified of the issue and flagged his ticket as “resolved.” When Bouimadaghene followed up over the course of the next few days, he was met with silence.

After testing and confirming the vulnerability, Hunt tagged Grindr in a tweet on Thursday asking for contact information for the company’s security team. The vulnerability was quickly resolved after he got in touch.

Grindr did not immediately respond to Gizmodo’s request for comment, but the company’s chief operating officer Rick Marini providing the following statement to TechCrunch:

“We are grateful for the researcher who identified a vulnerability. The reported issue has been fixed. Thankfully, we believe we addressed the issue before it was exploited by any malicious parties. As part of our commitment to improving the safety and security of our service, we are partnering with a leading security firm to simplify and improve the ability for security researchers to report issues such as these. In addition, we will soon announce a new bug bounty program to provide additional incentives for researchers to assist us in keeping our service secure going forward.”

You would think that, given Grindr’s history of security headaches, the company would have learned by now to be more responsive to reported vulnerabilities. In 2018, Grindr was forced to acknowledge that it shared information on users’ HIV status with third-party companies for optimization purposes following a damning Buzzfeed investigation. Grindr later said it had stopped the practice. Earlier this year, the app’s former owner, Beijing Kunlun Tech, sold Grindr to a Los Angeles-based company after a U.S. national security panel raised concerns about the China-based company.

[TechCrunch]

Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Popular

A New Kind of Male Sex Toy

The Arcwave Ion, a new sex toy from a company called Wow Tech, promises a different kind of male orgasm. They deliver... kind of. BTW, friends, this review is NSFW. Wow Tech makes the disgustingly-named Womanizer, a popular ladies toy that uses vibration...

Google Fi starts selling 5G phones from Samsung

Google Fi customers have been able to use unlocked Samsung phones on the MVNO’s network for years, but now those same customers can now buy a Samsung Galaxy device directly from the search giant. On the Fi website, the company has...

Waymo rolls out its driverless robo-taxi service in Arizona

Waymo, the self-driving unit of Alphabet, said Thursday that it’s offering its fully driverless robo-taxis to all customers of its ride-hailing service in Phoenix, Arizona. Previously, the company only afforded its fleet of unmanned...

UK announces more than 10,000 new cases for first time

There were 12,872 new cases, while a further 49 people have died within 28 days of testing positive for Covid-19. However, the government said a technical issue meant some cases this week were not recorded at the time so these were included...

Greenland Melting Fastest Any Time in Last 12,000 Years

Greenland is the biggest island in the world. And the ice sheet that sits atop it is massive. "The pile of ice is so thick it extends more than 10,000 feet above the ocean. And if all that ice were to melt...

More from author

A New Kind of Male Sex Toy

The Arcwave Ion, a new sex toy from a company called Wow Tech, promises a different kind of male orgasm. They deliver... kind of. BTW,...

Google Fi starts selling 5G phones from Samsung

Google Fi customers have been able to use unlocked Samsung phones on the MVNO’s network for years, but now those same customers can now...

Waymo rolls out its driverless robo-taxi service in Arizona

Waymo, the self-driving unit of Alphabet, said Thursday that it’s offering its fully driverless robo-taxis to all customers of...

UK announces more than 10,000 new cases for first time

There were 12,872 new cases, while a further 49 people have died within 28 days of testing positive for Covid-19. However, the government said a...