Location-based security is really hard to do! Do you send the exact coordinates? Partial coordinates? Just the city? All of this is particular to the application and is really easy to get wrong. This is a case where Bumble got it wrong.
Originally, Tinder showed users how close other people were. The exact distance was sent to the other person's client and only rounded down there. Using triangulation, it was possible to find the exact location of a person. This was fixed by calculating the distance on the server, to within a mile.
To find the exact location from distances, you can use triangulation. This strategy involves measuring the distance from several different points around the city. With three distances from three known points, you can calculate the exact location. The article includes a good picture of this.
On Bumble, the distance is computed and then rounded down to the nearest mile. Can this be abused? Since your own location is technically an input to the system (you can spoof it), it can!
In the Tinder exploit, we knew the exact distance; here, we do not have that information. But by finding the point where the reported distance changes from one mile marker (3) to the next (4), we recover an exact distance again: at that crossing point the true distance is exactly 4 miles.
Using the strategy from the previous point, an attacker can obtain several exact distances from different spots. As a result, the previous method (triangulation) gives the exact location!
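To make the reasoning in the three points above concrete, here is an added simulation (my own example, not code from the article or from Bumble). It models positions as (x, y) miles on a flat plane rather than real GPS coordinates, models the leaky design as an oracle that floors the exact distance to whole miles, finds the rounding boundary by walking along a line and bisecting, and then solves the three-circle system for the location. The starting points in `WALKS`, the target location and the grid-snapping mitigation in `snapped_oracle` are all assumptions I constructed for the demo; the mitigation is not something the page describes, it is there to show what the rounding boundaries leak when the server quantises the target's location before computing the distance.

```python
import math

GRID_MILES = 1.0  # assumption: reported distances are floored to whole miles

# Constructed observation points: where each simulated walk starts and which
# unit direction it moves in. Three non-collinear boundary points are needed.
WALKS = [((0.0, 0.0), (1.0, 0.0)),
         ((0.0, 8.0), (1.0, 0.0)),
         ((10.0, 0.0), (-1.0, 0.0))]


def exact_distance(a, b):
    """Flat-plane distance in miles between two (x, y) points (toy model, not GPS)."""
    return math.hypot(a[0] - b[0], a[1] - b[1])


def floored_oracle(target):
    """Model of the leaky design: the server uses the target's exact location,
    computes the exact distance to the querying (spoofable) position and floors it."""
    return lambda pos: math.floor(exact_distance(pos, target))


def snapped_oracle(target, cell=GRID_MILES):
    """Hardened variant (assumed mitigation, not from the page): snap the target's
    location to the centre of a grid cell before computing the distance, so the
    rounding boundaries describe the cell centre rather than the real location."""
    snapped = ((math.floor(target[0] / cell) + 0.5) * cell,
               (math.floor(target[1] / cell) + 0.5) * cell)
    return lambda pos: math.floor(exact_distance(pos, snapped))


def find_boundary(oracle, start, direction, step=0.5, max_steps=200, tol=1e-7):
    """Walk from `start` along `direction` until the whole-mile value changes, then
    bisect to the crossing. At the crossing, the true distance to whatever the
    oracle measures from is exactly the larger of the two reported values."""
    prev_pos, prev_val = start, oracle(start)
    for i in range(1, max_steps + 1):
        pos = (start[0] + direction[0] * step * i, start[1] + direction[1] * step * i)
        val = oracle(pos)
        if val != prev_val:
            break
        prev_pos, prev_val = pos, val
    else:
        raise RuntimeError("no rounding boundary crossed along this walk")
    lo, hi = prev_pos, pos  # oracle(lo) == prev_val, oracle(hi) == val
    while exact_distance(lo, hi) > tol:
        mid = ((lo[0] + hi[0]) / 2, (lo[1] + hi[1]) / 2)
        if oracle(mid) == prev_val:
            lo = mid
        else:
            hi = mid
    return hi, float(max(prev_val, val))


def trilaterate(c1, c2, c3):
    """Solve for the point at distances r1, r2, r3 from p1, p2, p3 (each c = (point, r)).
    Subtracting the circle equations pairwise leaves two linear equations in x, y."""
    (x1, y1), r1 = c1
    (x2, y2), r2 = c2
    (x3, y3), r3 = c3
    a1, b1 = 2 * (x2 - x1), 2 * (y2 - y1)
    k1 = r1 ** 2 - r2 ** 2 - x1 ** 2 + x2 ** 2 - y1 ** 2 + y2 ** 2
    a2, b2 = 2 * (x3 - x1), 2 * (y3 - y1)
    k2 = r1 ** 2 - r3 ** 2 - x1 ** 2 + x3 ** 2 - y1 ** 2 + y3 ** 2
    det = a1 * b2 - a2 * b1
    if abs(det) < 1e-9:
        raise ValueError("observation points are collinear; choose a third direction")
    return ((k1 * b2 - k2 * b1) / det, (a1 * k2 - a2 * k1) / det)


def recover_location(oracle, walks=WALKS):
    """Three boundary crossings, each with a known exact radius, pin down the point."""
    return trilaterate(*[find_boundary(oracle, s, d) for s, d in walks])


if __name__ == "__main__":
    target = (3.7, 2.2)  # constructed true location, miles on the flat plane
    leaked = recover_location(floored_oracle(target))
    hardened = recover_location(snapped_oracle(target))
    print("true location:", target)
    print("recovered from floored exact distance:", leaked,
          "error:", round(exact_distance(leaked, target), 6))
    print("recovered from grid-snapped distance:", hardened,
          "error:", round(exact_distance(hardened, target), 3))
```

Running it shows the floored-exact-distance design leaking the true location to numerical precision, while the grid-snapped variant only yields the cell centre, so the error is bounded by half the cell diagonal. Flooring alone adds no protection because the floor boundary is itself an exact measurement; what matters is which location the server measures from.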
The article includes some interesting information about making this attack feasible. Most importantly, it covers automating requests to Bumble's API, which applies signature validation to them.
Overall, a great article with a fun story. Location-based services are hard to implement! Whenever you come across sensitive information that is presented relative to something else, it may be possible to recover the original.