Tinder security flaw granted account access with just a phone number

22 February, 2018, 10:27 | Author: Darnell Taylor
  • Login Service Powered by Facebook’s Accountkit on Tinder

Using this vulnerability, an attacker would get complete control of the target account. It was possible to obtain an authorization token belonging to a stranger from Account Kit, and then send it to Tinder's app to log in as that person.

App developers should take a long, hard look at how they use Facebook's Account Kit for identifying users - after a flaw in the system, and Tinder's use of the toolkit, left shag-seekers open to account hijacking. Two components were involved: the first is Tinder's API, and the other is Facebook's Account Kit system, which safeguards users' logins.

Anand Prakash from AppSecure explained how the attack works on Tinder: "The user clicks on Login with Phone Number on tinder.com and then they are redirected to Accountkit.com for login."

Tinder accounts could be vulnerable to risks from hackers thanks to just one mobile number, according to revelations made by cyber security company AppSecure. The good news is that, after being alerted by AppSecure, Tinder has fixed the issue.


According to AppSecure, the account takeover vulnerability in Tinder meant that an attacker could gain access to the dating app account tied to any phone number used to log in. Conveniently enough, Account Kit also had a bug in which an attacker could have gained access to any user's Account Kit account simply by using their phone number. Supplying a phone number as a "new_phone_number" parameter in an API call over HTTP skipped the verification code check, and the kit returned a valid "aks" authorization token.
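The missing check described above, shown as an added example on a constructed toy service; it is not Account Kit's or Tinder's code. Only the `new_phone_number` parameter name comes from the article; the `LoginService` class, its method names and the HMAC stand-in for the "aks" token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class LoginService:
    """Constructed toy phone-login service (hypothetical, not Account Kit's code)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._codes = {}  # (session_id, phone) -> pending one-time code

    def send_code(self, session_id, phone):
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[(session_id, phone)] = code
        return code  # stands in for SMS delivery to the phone's owner

    def _token(self, phone):
        # Stand-in for the "aks" token: an HMAC that names the phone number.
        return hmac.new(self._key, phone.encode(), hashlib.sha256).hexdigest()

    def issue_token_vulnerable(self, session_id, params):
        # Flawed branch: a number passed as new_phone_number is trusted
        # without any verification code, as the article describes.
        if "new_phone_number" in params:
            return self._token(params["new_phone_number"])
        return self.issue_token_hardened(session_id, params)

    def issue_token_hardened(self, session_id, params):
        # Whichever parameter names the number, the token is issued only if
        # this session proves receipt of the code sent to that same number.
        phone = params.get("new_phone_number") or params["phone_number"]
        expected = self._codes.pop((session_id, phone), None)  # consumed on first attempt
        supplied = str(params.get("code", ""))
        if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
            raise PermissionError("verification code required for this number")
        return self._token(phone)


def compare_handlers():
    svc = LoginService()
    phone = "+15550100"  # constructed sample number
    code = svc.send_code("owner", phone)
    legit = svc.issue_token_hardened("owner", {"phone_number": phone, "code": code})
    leaked = svc.issue_token_vulnerable("other", {"new_phone_number": phone})
    try:
        svc.issue_token_hardened("other", {"new_phone_number": phone})
        blocked = False
    except PermissionError:
        blocked = True
    return leaked == legit, blocked
```

The hardened handler binds the one-time code to both the session and the number being asserted, so no alternate parameter name can reach token issuance without it.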


Appsecure said the vulnerabilities were quickly resolved with Facebook paying a $5,000 bounty and Tinder paying a $1,250 reward.
