Data Security, Endpoint/Device Security, Privacy

iSharing app vulnerabilities put users’ locations at risk

Smartphone with map, 3D Map pins, GPS, navigator pin checking points, 3D World Map icon, technology and application mobile smart phone with mobile, delivery tracking, transportation, generate by AI

TechCrunch reports that popular phone tracking app iSharing had the exact location details of its more than 35 million users exposed due to vulnerabilities that prevented the app's servers from conducting proper checks of user data access.

Aside from location data, users' names, profile photos, email addresses, and phone numbers were also made accessible to anyone due to the flaws, according to University of British Columbia's Eric Daigle, who discovered and reported the security issues.

"Finding the initial flaw in total was probably an hour or so from opening the app, figuring out the form of the requests, and seeing that creating a group on another user and joining it worked," Daigle said.

All of the flaws, which have already been addressed during the past weekend, were noted by iSharing to have stemmed from the app's groups functionality, but iSharing co-founder Yongjae Chuh said that there was no evidence suggesting their earlier discovery or exploitation.

"Our team is currently planning on working with security professionals to add any necessary security measures to make sure every user’s data is protected," Chuh added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.