Hinge & Bumble Loophole Exposes User Locations

“Despite initial beliefs, swiping right to find a date may not be as secure and could potentially expose your location information to potential stalkers.”

A study of popular dating apps has found serious security flaws in several of them, including Bumble, that could put users’ privacy at risk.

According to a team of researchers from KU Leuven, a university in Belgium, these applications have security vulnerabilities that can reveal a user’s location to within 2 meters (6 and 1/2 feet).

The researchers examined the 15 most popular dating apps. They found that platforms such as Badoo, Bumble, Grindr, happn, Hinge, and Hily had vulnerabilities that attackers could exploit to pinpoint exact locations using a method known as Oracle Trilateration.

Oracle Trilateration is a technique in which the person attempting to locate someone first makes an educated guess about the target’s whereabouts. They then move in three different directions until the application indicates that the target is no longer within range, which gives them three reference points. From these three points, they can determine the exact location of the target.

Filters such as age, height, relationship type, and others are typically used to determine an ideal match. However, when combined with Oracle Trilateration, the distance filter may reveal the user’s location.

Since then, the majority of platforms have taken steps to resolve the concerns and have reduced the precision of the coordinates. This change should make it difficult to pinpoint users more precisely than one kilometer.
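The coordinate-coarsening mitigation described above, as an added Python example (not code from the study or from any of the apps). It assumes the server rounds a user's stored coordinates to a fixed number of decimal places before computing any distance; the function names and sample coordinates are constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000  # mean Earth radius in metres

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def snap(lat, lon, decimals):
    """Coarsen a stored coordinate to a fixed grid (assumed server-side step)."""
    return round(lat, decimals), round(lon, decimals)

def reported_distance_m(viewer, target, decimals):
    """Distance the service exposes: computed from the snapped target only."""
    t_lat, t_lon = snap(target[0], target[1], decimals)
    return haversine_m(viewer[0], viewer[1], t_lat, t_lon)

def cell_size_m(lat, decimals):
    """(north-south, east-west) size in metres of one grid cell at this latitude."""
    step = 10 ** -decimals
    return haversine_m(lat, 0, lat + step, 0), haversine_m(lat, 0, lat, step)

# Constructed sample coordinates: two users a few hundred metres apart.
VIEWER = (50.8700, 4.7100)
USER_A = (50.8782, 4.7003)
USER_B = (50.8761, 4.7041)

if __name__ == "__main__":
    print(f"true separation A-B: {haversine_m(*USER_A, *USER_B):.0f} m")
    for decimals in (5, 3, 2):
        ns, ew = cell_size_m(USER_A[0], decimals)
        d_a = reported_distance_m(VIEWER, USER_A, decimals)
        d_b = reported_distance_m(VIEWER, USER_B, decimals)
        # When both users fall in the same cell, every viewer position sees
        # identical distances, so the distance filter cannot tell them apart.
        print(f"{decimals} decimals: cell {ns:.0f} x {ew:.0f} m, "
              f"A={d_a:.0f} m, B={d_b:.0f} m, indistinguishable={d_a == d_b}")
```

The snapping has to be applied to the coordinate before it reaches any distance or range-filter code path; rounding only the displayed number while filtering on exact coordinates leaves the filter usable as an oracle.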

In May 2023, Dmytro Kononov, CTO and co-founder of Hily, informed TechCrunch that they had become aware of the vulnerability and subsequently conducted an internal investigation.

According to Kononov, “while the findings suggested the potential for trilateration, it was not feasible to use this for attacks in practice. This is because our internal mechanisms are specifically designed to prevent spam and our search algorithm is based on logical reasoning.”

“In spite of this, we conducted thorough discussions with the authors of the report and worked together to create new geocoding algorithms that completely eliminate the potential for this type of attack. These updated algorithms have been effectively utilized for over a year now,” he stated.

Despite this, Grindr continues to permit location tracking within a radius of 111 meters. The company maintains that it intentionally designed this feature to connect users in close proximity and therefore cannot remove it.
