Bumble Security Flaw Exposes Exact Location

Teodora Dobrilova
Teodora Dobrilova

Updated · Feb 21, 2022

SHARE:

Techjury is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.

A software engineer uncovers a vulnerability in the popular dating app, due to which hackers could get the exact locations of users. 

The Bug

Robert Heaton, a software engineer, took the role of a white hat hacker and prevented a data leak. 

After he noticed a potential flaw, he executed a 'trilateration' attack. An automated script sent a sequence of requests to Bumble's servers. They relocated the 'attacker' before requesting the distance to the victim.

A cybercriminal could find when a users’ distance changes from 3 to 4 miles. Consequently, they would have three exact distances and be able to draw precise triangulation of the victim’s whereabouts.

Swipe Yes

Heaton also managed to hack another Bumble function. He spoofed the Swipe Yes requests, without paying the necessary fee.

He did so by bypassing the signature checks for API requests.

Bumble Fixes the Bug

Heaton shared his findings with the company. Within 72 hours, they took care of the vulnerability. In addition, he was rewarded $2,000 for his discovery.

Dating apps are rising in popularity, especially since the COVID-19 crisis. Although they’re fun, users are advised to install a VPN on their phone and always run a background check on potential dates.

SHARE:

Teodora Dobrilova

Teodora Dobrilova

Teodora devoted her whole life to words – reading, writing and trying to be original on social media. She got certified in digital marketing but still feels she’s not cool enough to be an influencer. (We all disagree – she influences the team pretty well.) She finished a master’s degree focused in Literature, Publishing, Mass Media. Her hobbies include traveling, and reading. Teddy hopes that yoga will be the thing to finally teach her some patience and show her the path toward world domination. Maybe modern tech can also help her with that.

Leave your comment

Your email address will not be published.