A group of researchers said they found that vulnerabilities in the design of some dating apps, including the popular Bumble and Hinge, allowed malicious users or stalkers to pinpoint the location of their victims down to 2 meters.
In a new academic paper, researchers from the Belgian university KU Leuven detailed their findings when they analyzed 15 popular dating apps. Of those, Badoo, Bumble, Grindr, happn, Hinge and Hily all had the same vulnerability that could have helped a malicious user identify the near-exact location of another user, according to the researchers.
While none of those apps share exact locations when displaying the distance between users on their profiles, they did use exact locations for the “filters” feature of the apps. Generally speaking, by using filters, users can tailor their search for a partner based on criteria like age, height, what type of relationship they are looking for and, crucially, distance.
To pinpoint the exact location of a target user, the researchers used a novel technique they call “oracle trilateration.” In general, trilateration, which for example is used in GPS, works by using three points and measuring their distance relative to the target. This creates three circles, which intersect at the point where the target is located.
Oracle trilateration works slightly differently. The researchers wrote in their paper that the first step for the person who wants to identify their target’s location “roughly estimates the victim’s location,” for example, based on the location displayed in the target’s profile. Then the attacker moves in increments “until the oracle indicates that the victim is no longer within proximity, and this for three different directions. The attacker now has three positions with a known exact distance, i.e., the preselected proximity distance, and can trilaterate the victim,” the researchers wrote.
“It was somewhat surprising that known issues were still present in these popular apps,” Karel Dhondt, one of the researchers, told TechCrunch. While this technique doesn’t reveal the exact GPS coordinates of the victim, “I’d say 2 meters is close enough to pinpoint the user,” Dhondt said.
The good news is that all the apps that had these issues, and that the researchers reached out to, have now changed how distance filters work and are not vulnerable to the oracle trilateration technique. The fix, according to the researchers, was to round up the exact coordinates by three decimals, making them less precise and accurate.
“This is approximately an uncertainty of one kilometer,” Dhondt said.
Bumble’s vice president of global communications Gabrielle Ferree said that the company was “made aware of these findings in early 2023 and swiftly resolved the issues outlined.” Ferree also said the issues were fixed in Badoo, which is owned by Bumble.
Dmytro Kononov, CTO and co-founder of Hily, told TechCrunch in a statement that the company received a report on the vulnerability in May 2023 and then did an investigation to assess the researchers’ claims.
“The findings indicated a potential possibility for trilateration. However, in practice, exploiting this for attacks was impossible. This is due to our internal mechanisms designed to protect against spammers and the logic of our search algorithm,” Kononov said. “Despite this, we engaged in extensive consultations with the authors of the paper and collaboratively developed new geocoding algorithms to entirely eliminate this type of attack. These new algorithms have been successfully implemented for over a year now.”
A Hinge spokesperson said the company “immediately took action” when they received the researchers’ report in early 2023.
Happn CEO and president Karima Ben Abdelmalek told TechCrunch in an emailed statement that the company was contacted by the researchers last year.
“After review by our Chief Security Officer of the research findings, we had the opportunity to discuss the trilateration method with the researchers. However, happn has an additional layer of protection beyond just rounding distances,” said Ben Abdelmalek. “This extra protection was not taken into account in their analysis and we mutually agreed that this extra measure on happn makes the trilateration technique ineffective.”
The researchers also found that a malicious person could locate users of Grindr, another popular dating app, to around 111 meters of their exact coordinates. While this is better than the 2 meters that the other apps allowed, it could still be potentially dangerous, according to the researchers.
“We argue that 111 meters, which is the corresponding distance that goes with this precision, is not sufficient” in areas with a low density of people, such as rural or suburban areas, said Dhondt.
Grindr makes it impossible to go below 111 meters because it rounds users’ exact location by three decimals. And when they reached out to Grindr, the company said that this was a feature, not a bug, according to the researchers.
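The effect of coordinate rounding on a distance filter, as an added example that is not code from the paper or from any of the apps: a yes/no filter computed from exact coordinates answers differently for two users about 40 meters apart, while the same filter over coordinates rounded to three decimals cannot tell them apart. The coordinates, the 1,000-meter radius and all function names are constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0

def haversine_m(a, b):
    """Great-circle distance in meters between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def coarsen(pos, decimals=3):
    """Round a (lat, lon) pair to a fixed number of decimals."""
    return (round(pos[0], decimals), round(pos[1], decimals))

def filter_exact(viewer, target, radius_m):
    """Pre-fix behaviour: the yes/no answer depends on the exact position."""
    return haversine_m(viewer, target) <= radius_m

def filter_rounded(viewer, target, radius_m, decimals=3):
    """Post-fix behaviour: the stored position is coarsened before comparing."""
    return haversine_m(viewer, coarsen(target, decimals)) <= radius_m

def distinguishable(filter_fn, target_a, target_b, viewers, radius_m):
    """True if any viewer position gets a different answer for the two targets."""
    return any(filter_fn(v, target_a, radius_m) != filter_fn(v, target_b, radius_m)
               for v in viewers)

def lat_cell_m(decimals=3):
    """North-south size in meters of one rounding step."""
    return math.radians(10 ** -decimals) * EARTH_RADIUS_M

# Constructed sample data: two users about 40 m apart in the same rounding cell,
# and viewer positions spaced about 5.5 m apart near the edge of a 1,000 m filter.
USER_A = (50.87810, 4.70010)
USER_B = (50.87840, 4.70040)
VIEWERS = [(50.8865 + i * 0.00005, 4.7002) for i in range(31)]
RADIUS_M = 1000.0

if __name__ == "__main__":
    print("same cell:", coarsen(USER_A) == coarsen(USER_B))
    print("exact filter separates them:",
          distinguishable(filter_exact, USER_A, USER_B, VIEWERS, RADIUS_M))
    print("rounded filter separates them:",
          distinguishable(filter_rounded, USER_A, USER_B, VIEWERS, RADIUS_M))
    print("rounding step (m): %.1f" % lat_cell_m())
```

With three decimals one rounding step spans about 111 meters north to south, the figure quoted for Grindr above; the filter's answers then depend only on which cell a user falls in, not on where inside it.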
Kelly Peterson Miranda, chief privacy officer at Grindr, said in a statement that “for many of our users, Grindr is their only form of connection to the LGBTQ+ community, and the proximity Grindr offers to this community is paramount in providing the ability to interact with those close to them.”
“As is the case with many location-based social networks and dating apps, Grindr requires certain location information in order to connect its users with those nearby,” Miranda said, adding that users can disable their distance from being displayed if they want. “Grindr users are in control of what location information they provide.”
This story has been updated to include comments from Hinge’s and Badoo’s spokespeople.