Jack’d Programming Bug Creates Private Image Vulnerability

The Register has reported a vulnerability in the programming of GBTQ dating app Jack’d which may expose private images to attackers.

Researcher Oliver Hough discovered the issue around three months ago, but reportedly struggled to contact developers in order to rectify the problem.

GDI reached out to Mark Girolamo, CEO & CFO at Online-Buddies, who said: “Our tech team is aware of the photo vulnerability and has already programmed the changes for this fix. They will deploy the fix this Thursday, February 7.”

There is no straightforward way for hackers to find out which profiles link to which private images, though “educated guesses” may be possible.

San Francisco-based reporter Sean Nichols writes: “The app should place strict access restrictions on which images should be viewable, so that if one user allows another user to see a [picture], only the receiver should be allowed to see it.”

Nichols suggests Jack’d users may wish to delete their private images until the stricter access restrictions have been implemented.

Security vulnerabilities on LGBTQ dating apps often create additional concern for consumers, as many users may not be public about their sexuality.

Grindr came under fire in 2018 for exposing HIV data to third-party apps, and some were further concerned that Chinese parent company Kunlun may be sharing information with the government.

In response, Grindr began hosting HIV/AIDS policy experts at a brand new summit in Los Angeles.
