Simple 'Color' Hack Lets You Snag Anyone's Photos, Regardless of Location
Wysopal realized that, with the help of a jailbroken iPad and an app called 'FakeLocation,' he could trick 'Color' into thinking he was anywhere. The result? He could then snag the photos of anyone in that area without physically being there. (A similar trick can be pulled off with a rooted Android phone and a location-spoofing app that reports fake GPS coordinates.)
Wysopal, while sitting in New York City, pulled in images from MIT, Harvard and Color's headquarters in Palo Alto, California, and sent them along to Andy Greenberg at Forbes. He also pointed out the potential for remotely spying on celebrity hotspots, making it much easier for the paparazzi to snag candid photos.
Color spokesperson John Kuch told Forbes that the company never made any claims about protecting privacy. "It is all public, and we've been very clear about that from the very beginning," he said. It's true that 'Color' is explicitly designed for public sharing, and isn't intended for those who are uncomfortable letting anyone look at their photos. But there is an expectation of location-based exclusivity. 'Color' is designed to share images with people in your immediate area, not across the country, which may make some users incredibly uncomfortable.