Tinder App Lacks Encryption, User's Privacy at Risk: Checkmarx

Share on Facebook Tweet Share Share Reddit Comment
Tinder App Lacks Encryption, User's Privacy at Risk: Checkmarx

Highlights

  • Researchers have disclosed two major flaws in Tinder app
  • Attacker can spy on a user's every move in the app
  • Hacker and user will have to be on the same Wi-Fi network

Tinder mobile app lacks security protections, leaving users vulnerable to eavesdropping, a report by security researchers claims. Researchers say the dating app is not using encryption to prevent hackers from snooping on users sharing the same network. Lack of basic HTTPS encryption essentially means that anyone can extract Tinder pictures and other data such as user swipes.

Tel Aviv-based security research firm Checkmarx found the vulnerability on Tinder's Android as well as iOS apps. In order to demonstrate an attack, the firm has created an app called TinderDrift. In a video on YouTube, we can see how such an app could be used to follow Tinder users' actions on Tinder if the person is sharing the same Wi-Fi.

The researchers have disclosed two flaws - CVE-2018-6017 and CVE-2018-6018 - in the app. The report says, "Our research found two vulnerabilities that, once combined, enable a malicious attacker to spy on a Tinder user's every move in the app." This means hackers can see a user's profile, profiles which the user views, as well as actions like swiping left or right, and more. The attacker can follow the user's Tinder matches and seriously compromise the user's privacy, the researchers noted.

Notably, in order to carry out an attack, hackers will have to be on the same Wi-Fi network as the user, the report claims. Since Tinder is an app usually used in public spaces, people are likely used to be accessing public Wi-Fi, leaving themselves potentially exposed. Additionally, other scenarios include VPN connection, DNS poisoning attacks, or malicious Internet service providers.

The report also claims that hackers can use user's private information to potentially swap the photos a user sees for inappropriate content or rogue advertising. It has recommended Tinder users to avoid public Wi-Fi networks wherever possible until developers take steps to make sure all app traffic is secured.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

iOS 11.2.5, watchOS 4.2.2, tvOS 11.2.5 Updates Now Available to Download: What's New
Twitter COO Anthony Noto Resigns, Joins Online Lender SoFi as CEO
 
 

Advertisement

 

Advertisement