Yik Yak’s revived messaging app was meant to bring back the days of truly anonymous local chat, but it may have unintentionally made life easier for creeps. Computer science student David Teather informed motherboard that Yik Yak had a bug that allowed attackers to obtain both the exact location for posts (within 10-15 feet) and users’ unique IDs. Mix the two pieces of information and it’s possible to track a user’s movement patterns.
Teather used a proxy tool to determine that YikYak sent both the precise GPS location and user ID with each message, even when users would normally only see vague distances and city identifiers. An independent researcher reviewed the results for motherboardalthough it’s not clear if anyone has exploited the flaw to date.
Yik Yak has not yet responded to requests for comment. The developer released three updates between April 28 and May 10, but it’s not yet certain if they fully address exposed spots. However, it is safe to say that the problem has endangered users especially if they shared sensitive information with local chatters.
This article was previously published on Source link