In April 2024, security researcher Eric Daigle discovered vulnerabilities in the popular phone-tracking app iSharing, exposing the precise location of any of its more than 35 million users. Daigle, a student at the University of British Columbia, found that the bugs allowed anyone using the app to access another user’s coordinates, even if the user was not actively sharing their location data with anyone. Additionally, the bugs exposed users' names, profile photos, email addresses, and phone numbers used to log in to the app. Location-tracking apps, including stealthy "stalkerware" apps, have a history of security mishaps that put users' precise locations at risk.

To demonstrate the severity of the issue, Daigle located a TechCrunch reporter down to a few feet using an Android phone with the iSharing app installed and a new user account. He shared details of the vulnerability with iSharing, but after not hearing back for two weeks, he sought TechCrunch's help in contacting the app makers. iSharing fixed the bugs soon after, around the weekend of April 20-21.

iSharing co-founder Yongjae Chuh expressed gratitude to the researcher for discovering the issue and stated that the company is planning to work with security professionals to enhance user data protection. The vulnerability was attributed to a feature called "groups," which allows users to share their location with others. Chuh confirmed that the company's logs showed no evidence of the bugs being found before Daigle's discovery. However, he acknowledged that there may have been an oversight on their part because their servers were not properly checking if users were allowed to join a group of other users.
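The server-side check the article says was missing, shown as an added example that is not iSharing's code: a hypothetical in-memory group model in which joining requires a pending invitation, and a location read requires that both users are members and the target is actively sharing. All names (`Group`, `join_group`, `read_location`) and the sample data are assumptions made for illustration.

```python
# Added example: hypothetical in-memory model, not iSharing's code or API.
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested action."""

@dataclass
class Group:
    owner: str
    members: set = field(default_factory=set)
    invited: set = field(default_factory=set)   # users the owner has invited
    sharing: set = field(default_factory=set)   # members currently sharing location

def join_group_unchecked(groups, group_id, caller):
    """The flaw class described in the article: any caller naming a group is added."""
    groups[group_id].members.add(caller)

def join_group(groups, group_id, caller):
    """Hardened join: the server itself verifies a pending invitation."""
    group = groups.get(group_id)
    if group is None or caller not in group.invited:
        # Same error for "no such group" and "not invited" so IDs cannot be probed.
        raise Forbidden("join not permitted")
    group.invited.discard(caller)               # invitations are single use
    group.members.add(caller)

def read_location(groups, locations, group_id, caller, target):
    """Return target's coordinates only to a fellow member, and only while
    the target is actively sharing with this group."""
    group = groups.get(group_id)
    if (group is None or caller not in group.members
            or target not in group.members or target not in group.sharing):
        raise Forbidden("location not available")
    return locations[target]

def demo():
    # Constructed sample data: alice invited bob; mallory was never invited.
    groups = {"g1": Group(owner="alice", members={"alice"},
                          invited={"bob"}, sharing={"alice"})}
    locations = {"alice": (10.0, 20.0)}
    results = {}
    for user in ("bob", "mallory"):
        try:
            join_group(groups, "g1", user)
            results[user] = read_location(groups, locations, "g1", user, "alice")
        except Forbidden:
            results[user] = None
    return results
```

The point of the hardened path is that both decisions are made from server-held state (`invited`, `members`, `sharing`), never from anything the client asserts about itself.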
Several popular Android applications available on the Google Play Store are vulnerable to a path traversal-affiliated vulnerability known as the Dirty Stream attack. This vulnerabil...
The US confirms Russian hackers have breached water systems. They warn North American and European operators about ongoing attempts by pro-Russia activists to infiltrate their tech...
The Simone Veil hospital in Cannes, France, has become the latest target of cybercriminals, with the LockBit ransomware gang claiming to have accessed and published confidential da...