Access to photos and users locations was obtained - the app for arranging for group sex scored a slip-up

In the data of 3Fun users, it was possible to freely select. Researchers have shown how easy it is to get access to locations, information about sexual orientation or the date of birth of people looking for a triangle opportunity online. If anyone had a problem identifying specific people by this data, their photos were also available. Yes, those marked as private too.

Pen Test Partners researchers call 3fun the worst they've ever seen among dating apps. This is a high bar, as they themselves admit, dating applications have really bad security.

Nice kind couple from the Supreme Court looking for a mature hygienic man up to the triangle.

The data, which researchers reached due to poor application security, allows to identify individual people without any problems.

The collected geolocation information allowed to determine very precisely where the person who uses 3fun is. Thanks to their latitude and longitude, they can be used to identify a specific house or building. In theory, it was supposed to make it easier for interested users to find their way in the urban jungle, in practice it could be catastrophic. Although this option could be turned off, but in practice it changed little, because it did not stop the application from collecting data and sending it to the server.

However, not only location data can expose users. Birth dates, gender, sexual orientation information and, worst of all, pictures of application users, including those in private albums, were also readily available.

3fun says it has about one and a half million users, and yet it was asking for a disaster .

The addresses from which the application was viewed included the White House, the US Supreme Court and the seat of the British Parliament. Fortunately, there are so many people hanging around that there is a chance that 3fun users will remain anonymous, and this is particularly important in this case. Everyone whose data appears in this context is exposed to blackmail, especially if he is a public figure. Relationships, families, careers, social status and further normal life are at stake.

These types of applications should have particularly good protection, not particularly bad. After Pen Test Partners' intervention, 3fun security holes were patched.



Access to photos and users' locations was obtained - the app for arranging for group sex scored a slip-up

Comments

Popular posts from this blog

What is VoLTE and how can you activate it on your Xiaomi

So you can check the battery status of your Xiaomi smartphone and how many cycles you have performed

How to exit the FASTBOOT mode of your Xiaomi if you have entered accidentally

Does your Xiaomi charge slowly or intermittently? So you can fix it

Problems with Android Auto and your Xiaomi? So you can fix it

If your Xiaomi disconnects only from the WiFi it may be because of that MIUI setting

How to change the font in MIUI and thus further customize your Xiaomi: so you can change the type, color and size of the letters of MIUI

What is the Safe Mode of your Xiaomi, what is it for and how can you activate it

Improve and amplify the volume of your Xiaomi and / or headphones with these simple adjustments

How to activate the second space if your Xiaomi does not have this option