Dating-slash-hook-up app Jack'd is exposing to the public internet intimate snaps privately swapped between its users, allowing miscreants to download countless X-rated selfies without permission.
The phone application, installed more than 110,000 times on Android devices and also available for iOS, lets primarily gay and bi men chat each other up, exchange private and public pics, and arrange to meet.
It appears, though, that those photos, public and private, can be accessed by anyone with a web browser who knows just where to look. As there is no authentication, no need to sign up to the app, and no limits in place, miscreants can download the entire image database for further havoc and potential blackmail.
We're told the developers of the application were warned of the security vulnerability three months ago, and yet no fix has been made. We've repeatedly tried to contact the programmers to no avail. In the interests of alerting Jack'd users to the fact their highly NSFW pictures are facing the public internet, we're publishing this story today, although we are withholding details of the flaw to discourage exploitation.
Researcher Oliver Hough, who said he found and reported the security shortcoming to the Jack'd team some three months ago, demonstrated to The Register how the programming bug can be exploited. We were able to verify it is seemingly possible to access masses of public and private images...