Updated · Jun 24, 2022
Bumble Security Flaw Exposes Exact Location
Updated · Feb 21, 2022
A software engineer uncovers a vulnerability in the popular dating app, due to which hackers could get the exact locations of users.
Robert Heaton, a software engineer, took the role of a white hat hacker and prevented a data leak.
After he noticed a potential flaw, he executed a 'trilateration' attack. An automated script sent a sequence of requests to Bumble's servers. They relocated the 'attacker' before requesting the distance to the victim.
A cybercriminal could find when a users’ distance changes from 3 to 4 miles. Consequently, they would have three exact distances and be able to draw precise triangulation of the victim’s whereabouts.
Heaton also managed to hack another Bumble function. He spoofed the Swipe Yes requests, without paying the necessary fee.
He did so by bypassing the signature checks for API requests.
Bumble Fixes the Bug
Heaton shared his findings with the company. Within 72 hours, they took care of the vulnerability. In addition, he was rewarded $2,000 for his discovery.
Dating apps are rising in popularity, especially since the COVID-19 crisis. Although they’re fun, users are advised to install a VPN on their phone and always run a background check on potential dates.
Teodora devoted her whole life to words – reading, writing and trying to be original on social media. She got certified in digital marketing but still feels she’s not cool enough to be an influencer. (We all disagree – she influences the team pretty well.) She finished a master’s degree focused in Literature, Publishing, Mass Media. Her hobbies include traveling, and reading. Teddy hopes that yoga will be the thing to finally teach her some patience and show her the path toward world domination. Maybe modern tech can also help her with that.
Latest from Author
Your email address will not be published.