Wechat sex group
We’re talking here about intercepting and stealing personal information and the de-anonymization of a dating service that could cause victims no end of troubles – from messages being sent out in their names to blackmail.We took the most popular apps and analyzed what sort of user data they were capable of handing over to criminals and under what conditions.This allows an attacker, for example, to see which accounts the victim is currently viewing.The Android version of Paktor uses the quantumgraph analytics module that transmits a lot of information in unencrypted format, including the user’s name, date of birth and GPS coordinates.Most of the applications use SSL when communicating with a server, but some things remain unencrypted.For example, Tinder, Paktor and Bumble for Android and the i OS version of Badoo upload photos via HTTP, i.e., in unencrypted format.If the app included an option to show your place of work, it was fairly easy to match the name of a user and their page on a social network.
The app uses it to find out how many friends the user has in common on Facebook.
The Paktor app allows you to find out email addresses, and not just of those users that are viewed.
All you need to do is intercept the traffic, which is easy enough to do on your own device.
We were interested in what could be intercepted if, for example, the user connects to an unprotected wireless network – to carry out an attack it’s sufficient for a cybercriminal to be on the same network.
Even if the Wi-Fi traffic is encrypted, it can still be intercepted on an access point if it’s controlled by a cybercriminal.