Bumble Security Flaw Exposes Exact Location

A software engineer uncovered a vulnerability in the popular dating app that could let hackers obtain users’ exact locations.

The Bug

Robert Heaton, a software engineer, took the role of a white hat hacker and prevented a data leak. 

After he noticed a potential flaw, he executed a ‘trilateration’ attack. An automated script sent a sequence of requests to Bumble’s servers, each time relocating the ‘attacker’ before requesting the distance to the victim.

A cybercriminal could find the point at which a user’s distance changes from 3 to 4 miles. Consequently, they would have three exact distances and be able to pinpoint the victim’s whereabouts by triangulation.
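On the server side, the request pattern described above (relocate, then ask for the distance to the same profile, over and over) is something a defender can look for. The following is an added example, not code from Bumble or from Heaton's research; the event format, account and profile names, and thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real Bumble logs): (unix_time, account, action, detail).
# "set_location" carries (lat, lon); "get_distance" carries the target profile id.
# The coordinates are shown for realism; this check only uses the event order.
EVENTS = [
    (1000, "acct_a", "set_location", (40.7128, -74.0060)),
    (1001, "acct_a", "get_distance", "user_v"),
    (1003, "acct_a", "set_location", (40.7130, -74.0060)),
    (1004, "acct_a", "get_distance", "user_v"),
    (1006, "acct_a", "set_location", (40.7132, -74.0060)),
    (1007, "acct_a", "get_distance", "user_v"),
    (1009, "acct_a", "set_location", (40.7134, -74.0060)),
    (1010, "acct_a", "get_distance", "user_v"),
    (1000, "acct_b", "set_location", (51.5074, -0.1278)),
    (1002, "acct_b", "get_distance", "user_x"),
    (1005, "acct_b", "get_distance", "user_y"),
    (4600, "acct_b", "set_location", (51.5080, -0.1270)),
    (4602, "acct_b", "get_distance", "user_x"),
]

def find_probing(events, window=300, min_pairs=3):
    """Return {(account, target): pair_count} for accounts that repeatedly
    change location and then ask for the distance to the same target
    within `window` seconds. Thresholds are assumptions to tune."""
    moved = {}                      # account -> True if relocated since last query
    pair_times = defaultdict(list)  # (account, target) -> times of relocate+query pairs
    for ts, account, action, detail in sorted(events, key=lambda e: e[0]):
        if action == "set_location":
            moved[account] = True
        elif action == "get_distance" and moved.pop(account, False):
            pair_times[(account, detail)].append(ts)
    flagged = {}
    for key, times in pair_times.items():
        # Sliding window: largest number of pairs within `window` seconds.
        best, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_pairs:
            flagged[key] = best
    return flagged

if __name__ == "__main__":
    for (account, target), n in find_probing(EVENTS).items():
        print(f"{account}: {n} relocate-then-query pairs against {target}")
```

In the constructed data, `acct_a` is flagged for four relocate-then-query pairs against one profile within seconds, while `acct_b`, which moves once an hour and browses different profiles, is not.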

Swipe Yes

Heaton also managed to hack another Bumble function. He spoofed the Swipe Yes requests, without paying the necessary fee.

He did so by bypassing the signature checks for API requests.

Bumble Fixes the Bug

Heaton shared his findings with the company. Within 72 hours, they took care of the vulnerability. In addition, he was rewarded $2,000 for his discovery.

Dating apps are rising in popularity, especially since the COVID-19 crisis. Although they’re fun, users are advised to install a VPN on their phone and always run a background check on potential dates.

ABOUT AUTHOR

Devoted my whole life to words - reading, writing and trying to be original on social media. Got certified in digital marketing - still not cool enough to be an influencer. Finished a master’s degree focused in Literature, Publishing, Mass Media. Hobbies include traveling, reading and hoping that yoga will be the thing to finally teach me some patience. Would like to take over the world at some point, but that’s an optional dream. Maybe modern tech can help me do that?
