A security researcher named Eric Daigle uncovered a significant security flaw in iSharing, a popular phone tracking app with over 10 million downloads on the Google Play Store. This flaw put the precise locations of users at risk of exposure, even if they were not actively sharing their location with anyone.
By exploiting the vulnerability, Daigle was able to access every user’s exact coordinates, along with their names, profile photos, phone numbers, and email addresses used for logging into the app. This level of access poses a serious security threat as it could potentially facilitate activities like burglary based on knowing when a user is away from home.
The flaw was discovered as part of Daigle’s broader investigation into the security of location-tracking mobile apps. Despite reaching out to the developers, no response was received, prompting Daigle to seek help from TechCrunch to publicize the issue.
iSharing’s co-founder, Yongjae Chuh, expressed gratitude to the researcher for uncovering the vulnerability, stating that the company is collaborating with security professionals to implement additional security measures to safeguard user data. The company has since identified and fixed the flaw in the app’s “groups” feature, ensuring that no unauthorized access took place prior to Daigle’s discovery.
Taking Steps to Enhance Security
Daigle’s detailed findings on the security vulnerability can be accessed on his blog, providing insight into how iSharing’s servers failed to adequately control access to users’ location data. The company’s swift response in deploying a fix underscores the importance of proactive security measures in addressing potential threats before they can be maliciously exploited.
