As long-time fans of George A. Romero, we are the first to admit that initially ‘Night of the Living Dead’ may have led to a few sleepless nights. Then, decades later, along came the ‘double tap’. Not only did it make sure that when things went down they stayed down, it also helped many sleep easier at night.
The double tap is also often one of a tester's favored lines of attack to reveal problems or opportunities in web and mobile applications.
Double tapping is fairly common. Sometimes it happens by accident; sometimes a defective screen does not always respond, so the user compensates by always double tapping. Or the network is sluggish and the user taps again, believing their first tap was not recognized.
What risks are associated with the double tap?
There is a lot of potential for double taps to do harm. Here are a few examples.
- You are buying a bike online. If you double tap you do not want to accidentally end up with two bikes.
- When you pay a bill, could a double tap result in you being double charged?
- When you have a one-time-use account activation link in an email, could a double tap result in a confusing message that “This activation link has already been used”?
- If you have a voucher for a one-time-only free burger, could double tapping get you unlimited free burgers?
The last example also shows that a double tap vulnerability can be exploited deliberately, which opens up opportunities for those with malicious intent.
The good news is that all of these can be prevented with good development practices, and you can sleep easier at night knowing our testers have an affinity with the double tap attack.
The other interpretation of the double tap is that upon finding a bug or vulnerability, we remove it and then add an automated check so that it stays down in the future. We know it can be very frustrating if the same bug comes back to haunt you later.
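The burger voucher case and the "automated check so that it stays down" idea, as an added example that is not code from the original post: a check-then-act redemption beside an atomic one, plus a regression check that sends two simultaneous taps. The table layout, function names and voucher code are assumptions made for illustration.

```python
import os, sqlite3, tempfile, threading

CODE = "BURGER-DEMO"  # constructed sample voucher code

def new_voucher_db():
    """Create a throwaway SQLite file holding one unused voucher."""
    path = os.path.join(tempfile.mkdtemp(), "vouchers.db")
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE voucher (code TEXT PRIMARY KEY, redeemed INTEGER NOT NULL DEFAULT 0)")
    db.execute("INSERT INTO voucher (code) VALUES (?)", (CODE,))
    db.commit()
    db.close()
    return path

def redeem_check_then_act(path, pause=lambda: None):
    """Weak: reads the flag, then sets it in a separate step."""
    db = sqlite3.connect(path, timeout=10)
    try:
        row = db.execute("SELECT redeemed FROM voucher WHERE code = ?", (CODE,)).fetchone()
        if row is None or row[0]:
            return False
        pause()  # gap in which the second tap also reads redeemed = 0
        db.execute("UPDATE voucher SET redeemed = 1 WHERE code = ?", (CODE,))
        db.commit()
        return True
    finally:
        db.close()

def redeem_atomic(path, pause=lambda: None):
    """Hardened: one conditional UPDATE, so only one request can flip the flag."""
    db = sqlite3.connect(path, timeout=10)
    try:
        pause()
        cur = db.execute("UPDATE voucher SET redeemed = 1 WHERE code = ? AND redeemed = 0", (CODE,))
        db.commit()
        return cur.rowcount == 1
    finally:
        db.close()

def double_tap(redeem):
    """Regression check: send two simultaneous taps, return how many were honoured."""
    path, barrier, results = new_voucher_db(), threading.Barrier(2), []
    taps = [threading.Thread(target=lambda: results.append(redeem(path, barrier.wait)))
            for _ in range(2)]
    for t in taps: t.start()
    for t in taps: t.join()
    return sum(results)

if __name__ == "__main__":
    print("check-then-act:", double_tap(redeem_check_then_act), "burgers")
    print("atomic:", double_tap(redeem_atomic), "burger")
```

The same conditional-write pattern covers the activation link; for purchases and bill payments the usual equivalent is a unique idempotency key per submission, enforced by a database constraint.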