Hot on HuffPost Tech:

See More Stories
Engadget for the iPhone: download the app now
AOL Tech

Color vulnerable to simple GPS hack, lets you spy on anyone, anywhere

Color, the $41-million-in-funding location-oriented photo sharing startup, is susceptible to simple GPS spoofing. With nothing more than a jailbroken iPad or iPhone, you can use FakeLocation to trick Color into thinking you're somewhere else. Within seconds you can be browsing photos that were snapped thousands of miles away. With a little digging, you can pore through photos not intended for your eyes.

Of course, such a hack isn't illegal as such -- every photo you take with Color is public. With FakeLocation you are simply circumventing Color's very limited location-oriented security mechanism. It does undermine Color's usefulness (and uniqueness), though -- if nefarious types can sit in their bedroom or basement and eavesdrop on classy dinner parties and wild night club soirees, people might be less inclined to share personal photos with those around them.

Fortunately, both for Color and its users, this is an easy security hole to plug -- at least in the short term. The app (or server-side) code simply checks to see if the user has 'teleported' an impossibly large distance, without any intermediate steps in between. In the long term, though, Color's users must be aware that its social graph is completely public. Color's users must realize that every photo they upload is visible by anyone, from any place.

After the break, just to elucidate a little on Color's actual business model and ultimate intention, we have two amazing quotes from Bill Nguyen, Color's founder.

Nguyen, when quizzed by Business Insider about about Color's massive $41 million in venture capital funding, said:

"Photo sharing is not our mission. We think it's cool and we think it's fun, but we're a data mining company. We are really much more about bringing these spontaneous instant social networks. We happened to begin by launching an application that captures photos and video and text."

And then, when asked about Color's revenue stream -- because it's a free app! -- he had this rather mind-blowing bit to say:

"Advertising through the app. We're going to build a intelligent system that allows businesses to participate with their customers. So when you walk into a restaurant and you use Color, and they're also customers through a self-service Web interface -- or actually a self-service iPad interface -- every time you walk into the restaurant, your [first] name will show up with your picture. The maitre d' or receptionist will know who you are, they'll be able to welcome you, they'll know the last time you were here, they'll be able to see pictures if you took them here. They'll be able to provide you better service than they've ever before, that's going to drive up their revenue by increasing repeat business because we always want to go back where we feel welcome."

Finally, a 'socially acceptable' way of retina scanning people, a la Minority Report. Who needs national ID cards...

Tags: apps, bill nguyen, BillNguyen, color, colour, gps, ios, location, location based services, LocationBasedServices, mobile, photo, photo sharing, photography, photos, PhotoSharing, sharing

Comments

3