Dating app Tinder is one of the biggest dating app present in the world. Its used by most of the people interested in Internet dating. Although its popularity is huge, it still lacks the basic HTTPS encryption. It means a malicious attacker could easily see user’s photos. They could also add their own photos in their photostream. Tel Aviv-based security research firm Checkmarx discovered the vulnerabilities. There are two vulnerabilities in the dating app. These can be used to see users’ profiles as well as the profiles they’ve viewed.
Checkmarx blog post says. “The Checkmarx Security Research Team found disturbing vulnerabilities in a highly popular dating application used by people across the globe – Tinder”. The security research firm created an app to demonstrate the process. Called the TinderDrift the application can recreate the actions from a user's account. However, the hacker and attacker needs to be on the same network to do so. Checkmark also showcased this in a YouTube video. They demonstrated that they could potentially see users actions, photos and make changes to it.
What does it mean for Tinder Users
This kind of sensitive information can be used for various purposes. It can be used by the attackers to blackmail victims by threatening to expose private information. Though swipes and matches remain encrypted on Tinder. The hackers can track specific bytes. It will help them to determine the user’s action like left swipe, right swipe, Super Like, a match and more.
Also Read: Twitter now uses machine learning to bring smart auto-cropping for your photo posts
The blog post from Checkmarx also added. “The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research)”.
