‘We identified that it was feasible to compromise any account on the application within a 10-minute timeframe’
Critical zero-day vulnerabilities in Gaper, an ‘age gap’ dating app, could be exploited to compromise any user account and potentially extort users, security researchers claim.
The lack of access controls, brute-force protection, and multi-factor authentication in the Gaper app means attackers could potentially exfiltrate sensitive personal data and use that data to achieve full account takeover in just ten minutes.
More worryingly still, the attack didn’t leverage “0-day exploits or advanced methods so we wouldn’t be amazed if this wasn’t formerly exploited in the wild”, said UK-based Ruptura InfoSecurity in a technical write-up published yesterday (February 17).
Despite the apparent severity of the threat, researchers said Gaper did not respond to multiple attempts to contact them via email, their only support channel.
GETting personal data
Gaper, which launched in the summer of 2019, is a dating and social networking app aimed at people looking for a relationship with younger or older men or women.