Digital Travel App TripBFF Exposed Location Data Way Too Accurately

This title could be clearer and more informative.Try out Clickbait Shieldfor free (5 uses left this month).

Security researcher Jonathan Leitschuh discovered critical privacy vulnerabilities in TripBFF, a travel app with 1M+ downloads. The app exposed exact latitude/longitude coordinates and full birthdates for all users through unauthenticated APIs. By manipulating API requests, researchers could enumerate users globally without

15m read timeFrom infosecwriteups.com
Post cover image
Table of contents
Enter Adam Baldwin (aka. EvilPacket)Hacking TripBFFFindingsGet Jonathan Leitschuh’s stories in your inboxProposed FixesResponse by the TripBFF TeamAreas for Further ExplorationConclusion

Sort: