Group sex dating app has “the worst security for any dating app”
August 14, 2019
One of the wonderful and terrible things about the internet is how it allows people seeking others with hard-to-find traits to find them: advertisers can find people thinking about buying a refrigerator; people who think they might be trans can find others in the same boat and make common cause; people with the same rare disease can form support groups, and Nazis can find sociopaths to march through the streets of Charlottesville carrying tiki torches and chanting “Jews will not replace us.”
This has been especially pronounced in human sexuality. Anonymous access to porn lets people explore different sexual activities. Online dating services let people find those who share their kinks, interests, or special needs.
Enter 3fun, an online dating service for those seeking group sex with others. While there is nothing wrong with this activity, and while it’s one that dates back to antiquity and probably before, there is still substantial social stigma associated with it, so apps are a great way of finding partners without exposing yourself to retaliation from employers, family, peers and friends.
That is, unless 3fun is designed with security as an afterthought in a way that exposes its users to snoops who could use the data it leaks to harass, blackmail, or expose its users.
An audit by Pen Test Partners revealed vulnerabilities that would allow attackers to enumerate all 3fun users, including sexual orientation, preferred matches, usernames, ages, partners’ usernames, full-rez profile photos, and some dates of birth. None of the data is encrypted.
Attackers could extract users by location, and Pen Test Partners were able to locate 3fun users inside the White House, CIA headquarters, and the Pentagon.
Pen Test Partners notified 3fun of the defect on July 1, but it was not remediated for “weeks.”
In its report, Pen Test Partners notes that it has only scratched the surface of the defects in 3fun’s security, and speculates that there could be more (and even graver) defects in the system.
3fun claims 1,500,000 users, quoting ‘top cities’ as New York, Los Angeles, Chicago, Houston, Phoenix, San Antonio, San Diego, Philadelphia, Dallas, San Jose, San Francisco, Las Vegas & Washington, D.C.
Several dating apps including Grindr have had user location disclosure issues before, through what is known as ‘trilateration’. This is where one takes advantage of the ‘distance from me’ feature in an app and fools it. By spoofing your GPS position and looking at the distances from the user, we get an exact position.
But, 3fun is different. It just ‘leaks’ your position to the mobile app. It’s a whole order of magnitude less secure.
Threesome app 3fun exposed user locations and profile data [Zack Whittaker/TechCrunch]