With some dead-simple geolocation trickery, users can see any photos being uploaded with the Color photo sharing app without leaving the comfort of their own home. Chris Wysopal, the chief technology officer with Veracode, announced via Twitter that he had discovered the issue last Thrusday.
Here’s how it works: Color bills itself as a social photo app, allowing users to see photos being taken by those around them thanks to the GPS data it pulls from the phone. By setting the phone’s location data to another position, a user can view the photos being uploaded around a different location.
Using an app called FakeLocation installed on an jailbroken iPad, Wysopal changed his tablet’s perceived location and then fired up Color. Without a hitch, the photostreams from far away areas loaded up. Wysopal told Forbes that this trick could be used to spy on celebrities, with paparazzi letting adoring fans take the photos for them, then swiping them off of Color.
As the ‘hack’ has become public knowledge, Color’s response has been one of ambivalence. When talking with a Forbes reporter, Color spokesman John Kuch dismissed concerns saying, “it is all public, and we’ve been very clear about that from the very beginning.” In fact, all the content on Color is completely viewable to anyone — comments between users included. Moreover, Color’s creators had hinted about adding a “peeking” function that would allow users to see far-flung photostreams with some limitations, essentially what Wysopal’s work around does.
Though this doesn’t seem to pose much of a threat to personal security, it is a bit creepy. Color is all about photos of a shared experience, and it’s unnerving for an outsider to be in on that experience.
While this trick may be trivial, it lowers some of Color’s cache in my mind because Color cannot enforce the rules that make it unique. Like Twitter, Color is based on arbitrary rules which made it fun: Twitter only allows you to use 140 characters, and Color only let you see the photos of those around you. Like a game, it’s the rule that make it interesting, and hopefully Color will work to keep their app unique.
(via Forbes)
