Investigating dating apps and finding vulnerabilities

07.09.2021 in 00:43| Cedric Edwards


Business has been bad at Steveslist, the online marketplace that you co-founded together where people can buy and sell things and no one asks too many questions. The Covid pandemic has been uncharacteristically kind to most of the tech industry, but not to your particular sliver of it. You blame macro-economic factors outside your control and lazy employees. Single black men dating makes you even more worried - the Stevenator is always the one pushing for more spiralling. Something must be afoot. Could Steve be ratting you out?
  • Remote dating: How do the apps safeguard our data? | Securelist
  • Dating apps have major security vulnerabilities that could expose users' private information
  • Vulnerability in Bumble dating app reveals any user's exact location | Robert Heaton
  • Recent Headlines
  • Some UK dating apps have privacy vulnerabilities, research finds
  • Signing up

    Feb 09,  · A WIRED investigation has found that some of the most popular dating apps in the U.K. are leaking personal information. "During testing, four of the free apps exposed customer information by not fully securing data sent from the app's owners to customers' phones," the report states. "These were Happn, Hookup Now, AnastasiaDate, and AffairD.

    Oct 27,  · Singles looking for love using mobile dating apps could be putting their device security at risk, experts have warned. An investigation into many of the world's most popular dating apps by.

    Aug 25,  · Over the years they’ve accidentally allowed an attacker to find the exact location of their users in several different ways. The first vulnerability was prosaic. Until , the Tinder servers sent the Tinder app the exact co-ordinates of a potential match, then the app calculated the distance between this match and the current user.


    Sep 30,  · Preventing romance problems: Check Point research helps mitigate major vulnerabilities in OkCupid’s website and mobile app. Check Point researchers show how a hacker could have accessed users’ sensitive data – full profile information, private messages, images and contact information – on OkCupid, the leading free online dating platform.

    Seeing nothing amiss, Tinder returned the answer, to 15 decimal places of precision. The researchers repeated this process 3 times, and then drew 3 circles on a map, with centres equal to the spoofed locations and radii equal to the reported distances to the user. The point at which all 3 circles intersected gave the exact location of the victim.

    Tinder fixed this vulnerability by both calculating and rounding the distances between users on their servers, and only ever sending their app these fully-rounded values. Rounded distances can still be used to do approximate trilateration, but only to within a mile-by-mile square or so. You can always rely on your other good buddy, Kate Kateberry, to get you out of a jam.

    After a brief phone call she hurries over to your offices in the San Francisco Public Library to start looking for one.


    However, within the details of how Bumble calculate these approximate distances lie opportunities for them to make mistakes that we might be able to exploit. The code to do this might look something like this: If an attacker i. The attacker can find these flipping points by spoofing a location request that puts them in roughly the vicinity of their victim, then slowly shuffling their position in a constant direction, at each point asking Bumble how far away their victim is.

    How do we know if this is what Bumble does? This means that you and Kate are going to need to write an automated script that sends a carefully crafted sequence of requests to the Bumble servers, leaping your user around the city and repeatedly asking for the distance to your victim. You decide to use the Bumble website on your laptop rather than the Bumble smartphone app. You sign up for your first Bumble account.


    It asks you for a profile picture. To preserve your privacy you upload a picture of the ceiling. You upload a stock photo of a man in a nice shirt pointing at a whiteboard. Bumble rejects it again. You crop the photo and scribble on the background with a paintbrush tool. Bumble accepts the photo! However, next they ask you to submit a selfie of yourself putting your right hand on your head, to prove that your picture really is of you. You do your best, but Bumble rejects your effort.


    She is confused but she knows who pays her salary, or at least who might one day pay her salary if the next six months go well and a suitable full-time position is available. You take the same set of photos of Wilson in…marketing? Who cares. Before too long your Jenna account is shown your Wilson account, so you swipe right to indicate her interest. However, your Wilson account keeps swiping left without ever seeing Jenna, until eventually he is told that he has seen all the potential matches in his area.


    Sounds promising. You click on it. You preferred it when these dating apps were in their hyper-growth phase and your trysts were paid for by venture capitalists. You reluctantly reach for the company credit card but Kate knocks it out of your hand. I bet we can bypass this paywall. In order to figure out how the app works, you need to work out how to send API requests to the Bumble servers. By studying these requests and responses we can work out how to replay and edit them.


    This will allow us to make our own, customized HTTP requests from a script, without needing to go through the Bumble app or website. She swipes yes on a rando. But alongside each image it also shows the user ID that the image belongs to! You ask what that means. There are many different ways of generating signatures, but for a given signing process, the same input will always produce the same signature.

    Not only does it put your privacy at risk, it leaves you vulnerable to things like doxing and cyberstalking. Some risks are unfortunately hard to avoid, as many of the apps are location-based, which means you have to share your location to find potential matches. These are our hopes and expectations for a future of safe and secure digital connections:


    Authors: Tatyana Shishkova.


    Users may face some of the following threats:
      • Identification of the user by third parties.
      • Theft of login credentials.

    Four apps allowed an adversary to intercept potentially sensitive information they transfer.

    Downloaded more than million times from Google Play.
      • OkCupid — downloaded more than 10 million times from Google Play.
      • Badoo — another very popular dating app.
      • Bumble — an application where women make the first move. Downloaded more than 10 million times from Google Play, with 42 million monthly active users during the third quarter of
      • Mamba — downloaded more than 10 million times from Google Play.
      • Pure — an app for casual hookups and anonymous dating. Downloaded more than 1 million times from Google Play.
      • Feeld — an app which allows you to search for partners in polyamorous relationships.
      • Happn — an application for dating with random people you cross paths with. Downloaded over 50 million times from Google Play.
