Popular dating app Bumble leaked users’ exact location

A software engineer at payments processor Stripe found a vulnerability in dating app Bumble that could be used to determine the exact location of users, potentially putting them at risk.

By studying how Bumble’s application programming interface (API) works, software engineer Robert Heaton found a way to pinpoint users’ exact location, bypassing the safeguards in the app designed to prevent this.

Heaton used two fake Bumble profiles, one for the attacker and one for the victim.

He was able to bypass signature checks for API requests, which got him around Bumble’s paywall.

Being able to send arbitrary requests to Bumble’s API allowed Heaton to work out how the app calculated and presented matching users’ approximate locations by rounding down the exact distance they are from each other.

With that information, Heaton was able to devise a trilateration attack, which, in a similar fashion to triangulation, would reveal the location of the victim Bumble user.
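To show why rounding down an exact distance is a weak safeguard, the following added example (not Heaton's code or Bumble's) models the behaviour on a flat plane and measures how much location uncertainty is left after three readings. The coordinates, units, map size and function names are constructed assumptions.

```python
import math

def reported_distance(viewer, target):
    """Behaviour described in the article: exact distance, rounded down."""
    return math.floor(math.dist(viewer, target))

def feasible_cells(observations, extent, step):
    """Centres of grid cells consistent with every (viewer, reading) pair."""
    n = round(extent / step)
    cells = []
    for i in range(n):
        for j in range(n):
            p = ((i + 0.5) * step, (j + 0.5) * step)
            if all(math.floor(math.dist(v, p)) == r for v, r in observations):
                cells.append(p)
    return cells

def residual_uncertainty(target, viewers, extent=40.0, step=0.1):
    """Return (area still possible, worst-case error) after the readings."""
    obs = [(v, reported_distance(v, target)) for v in viewers]
    cells = feasible_cells(obs, extent, step)
    area = len(cells) * step * step
    worst = max(math.dist(target, c) for c in cells)
    return area, worst

# Constructed sample: a 40 x 40 unit map, one target, three viewing positions.
TARGET = (23.4, 17.8)
VIEWERS = [(0.0, 0.0), (40.0, 0.0), (0.0, 40.0)]

if __name__ == "__main__":
    area, worst = residual_uncertainty(TARGET, VIEWERS)
    print(f"map area: {40.0 * 40.0:.0f} square units")
    print(f"area still consistent with the readings: {area:.2f} square units")
    print(f"worst-case position error: {worst:.2f} units")
```

Each rounded reading confines the target to a ring one unit wide, and three rings overlap in a patch far smaller than the map, so the rounding alone does not keep the position approximate.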

Heaton reported the vulnerability to Bumble through bug bounty site HackerOne.

A fix was deployed within 72 hours, and Heaton was awarded US$2000, which he donated to charity.

“This is another significant vulnerability in Bumble in recent times.

In November last year, researchers at Independent Security Evaluators found that it was not only possible to bypass paying for the Bumble Boost premium features, but also to dump all the dating app’s user data, including pictures.”

Bumble has around 100 million users worldwide, and was founded by Tinder co-founder Whitney Wolfe Herd and the founder of social network Badoo, Andrey Andreev.