Popular dating app Bumble leaked users’ exact location – Security

Nancy J. Delong

A software engineer at payments processor Stripe discovered a vulnerability in dating app Bumble that could be used to discern the exact location of users, potentially putting them at risk.

By working out how Bumble’s application programming interface (API) works, software engineer Robert Heaton found a way to pinpoint users’ exact location, bypassing the safeguards in the app designed to prevent this.

Heaton used two fake Bumble profiles, one for the attacker and one for the victim.

He was able to bypass signature checks for API requests, which got him around Bumble’s paywall.

Being able to send arbitrary requests to Bumble’s API allowed Heaton to work out how the app calculated and presented matching users’ approximate locations by rounding down the exact distance they are from each other.

With that information, Heaton was able to devise a trilateration attack, which, in a similar fashion to triangulation, would reveal the location of the victim Bumble user.
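Why rounding down an exact distance still leaks position, shown as an added example (not code from the article, Heaton or Bumble): a check of whether the displayed distance stays the same for every target position inside one grid cell. The grid size, coordinates and function names are assumptions, and snapping positions to a grid is one common mitigation, not necessarily the fix Bumble deployed.

```python
import math

EARTH_RADIUS_KM = 6371.0
CELL_DEG = 0.01  # assumed grid size (about 1.1 km of latitude), not from the article

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def snap(point, cell=CELL_DEG):
    """Coarsen a point to the south-west corner of its grid cell."""
    return (math.floor(point[0] / cell) * cell, math.floor(point[1] / cell) * cell)

def shown_distance_weak(viewer, target):
    """Pattern described in the article: exact distance, rounded down for display."""
    return math.floor(haversine_km(viewer, target))

def shown_distance_hardened(viewer, target):
    """Mitigation sketch: coarsen both positions first, then measure and round."""
    return math.floor(haversine_km(snap(viewer), snap(target)))

def depends_on_exact_position(shown, viewers, target_a, target_b):
    """True if any viewer sees different values for two targets in the same cell,
    meaning the response still carries information finer than the cell."""
    if snap(target_a) != snap(target_b):
        raise ValueError("targets must share a grid cell")
    return any(shown(v, target_a) != shown(v, target_b) for v in viewers)

# Constructed sample data: two target positions inside one cell, and a line of
# viewer positions to the north of them.
TARGET_A = (51.5012, -0.1412)
TARGET_B = (51.5088, -0.1488)
VIEWERS = [(51.52 + i * 0.003, -0.145) for i in range(40)]

if __name__ == "__main__":
    for name, fn in (("weak", shown_distance_weak),
                     ("hardened", shown_distance_hardened)):
        leaks = depends_on_exact_position(fn, VIEWERS, TARGET_A, TARGET_B)
        print(f"{name}: output depends on exact position = {leaks}")
```

The same check works as a regression test for any API that reports proximity: feed it pairs of positions that should be indistinguishable and fail the build if any response differs.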

Heaton reported the vulnerability to Bumble via bug bounty site HackerOne.

A fix was deployed within 72 hours, and Heaton was awarded US$2000, which he donated to charity.

“This is the second really serious vulnerability in Bumble in recent times.

In November last year, researchers at Independent Security Evaluators found that it was not only possible to bypass paying for the Bumble Boost premium features, but also to dump all the dating app’s user data, including pictures.”

Bumble has around one hundred million users worldwide, and was founded by Tinder co-founder Whitney Wolfe Herd and the founder of social network Badoo, Andrey Andreev.
