Cybersecurity researchers just discovered that the popular dating app Tinder lacks the necessary encryption to keep your activities safe from prying eyes.
Welcome to the decade of mobile matchmaking and dating. For the lucky few, all you have to do is swipe right to find your special someone. This skin-deep evaluation of a potential partner cuts through all the red tape of a long-winded profile. You don’t have to tell your life story; you just have to have a nice picture.
Some call it soulless or superficial, but it’s an innovative way to find suitable partners. Just think: no more blind dates and no more awkward introductions during family gatherings.
If you’re feeling lonely, just install Tinder, one of today’s most popular dating apps, make that swipe, and find the perfect match.
Just beware of bots.
Of course, there are other options like OKCupid and CoffeeMeetsBagel, yet Tinder is more handy and convenient, right? Honestly, it’s not as fancy as the other two when it comes to features. Yet it can do the matchmaking job the way people today want it to: quick and easy.
Tinder is location-based and helps anyone find someone in the area where they want to chat or meet up.
The two main selling points of the app draw over 50 million users to it worldwide. They are: unrivaled convenience and utter simplicity. It can hook you up with a good match in the place of your choice with just a swipe of your finger.
When you get past all of the fake profiles and spam accounts looking to dupe you into a pornography subscription, it’s pretty awesome, isn’t it? However, there may be trouble in paradise.
Reports of recently discovered encryption vulnerabilities might make you think twice before swiping on your phone.
Dating App Encryption Vulnerabilities
In a blog post on Wednesday, the Tel Aviv-based cybersecurity company Checkmarx explained the vulnerabilities its researchers found in Tinder. According to the company, the security flaws can be exploited by hackers to breach any Tinder user’s privacy.
The vulnerabilities affect both the iOS and Android versions of the application and make it possible for an attacker using the same network as the user to monitor the latter’s Tinder activity.
If that’s not scary enough, the privacy flaws also allow an attacker to “take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other types of malicious content.” Apparently, these breaches could happen anytime because your favorite dating app lacks the basic HTTPS encryption to secure the application from possible hacking.
With news of hacking and cybersecurity crimes happening every day, it’s a wonder that a company worth $5 billion like Tinder would fail to have the BASIC encryption to protect its users.
In a demo posted on YouTube, Checkmarx researchers used a proof-of-concept app called TinderDrift. With it, they showed how a user’s Tinder session can be reconstructed by anyone sharing the same WiFi.
While swipes and matches are said to be HTTPS-encrypted, it is still possible for attackers to pinpoint encrypted commands. They do this by using specific byte patterns that represent a left or right swipe, a Super Like, and a match, the researchers said.
The researchers also emphasized that a combination of intercepted photos and monitored encrypted commands enables hackers to know all of a user’s info. What’s even more important is that certain Tinder information, like sexual preference, could be used by hackers to blackmail a user.
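The following is an added example, not code from Checkmarx or Tinder, showing why encrypted commands can still be told apart and how padding responses to a fixed bucket size removes the signal. It assumes the distinguishing pattern is message length, that encryption preserves plaintext length plus a constant overhead, and it uses constructed responses with hypothetical field names.

```python
import json

# Constructed sample responses; field names and values are hypothetical,
# not the app's real API messages.
RESPONSES = {
    "left_swipe": {"status": 200},
    "right_swipe": {"status": 200, "match": False, "likes_remaining": 100},
    "match": {"status": 200,
              "match": {"id": "constructed-id", "participants": ["a", "b"]}},
}
RECORD_OVERHEAD = 29  # assumed constant bytes added by the encryption layer
BUCKET = 256          # every padded response is a multiple of this size


def encode(body):
    return json.dumps(body, separators=(",", ":")).encode()


def pad(plaintext, bucket=BUCKET):
    """Prefix the true length, then zero-pad to the next bucket boundary."""
    framed = len(plaintext).to_bytes(4, "big") + plaintext
    padded_len = -(-len(framed) // bucket) * bucket  # ceiling division
    return framed.ljust(padded_len, b"\x00")


def unpad(padded):
    """Recover the original body on the receiving side."""
    size = int.from_bytes(padded[:4], "big")
    return padded[4:4 + size]


def observed_lengths(padded):
    """Sizes visible to someone on the same network, per action."""
    sizes = {}
    for action, body in RESPONSES.items():
        data = encode(body)
        sizes[action] = len(pad(data) if padded else data) + RECORD_OVERHEAD
    return sizes


def distinguishable(sizes):
    """True when each observed size maps to exactly one action."""
    return len(set(sizes.values())) == len(sizes)


if __name__ == "__main__":
    for padded in (False, True):
        sizes = observed_lengths(padded)
        print("padded" if padded else "unpadded", sizes,
              "distinguishable:", distinguishable(sizes))
```

Bucketed padding only hides size; response timing and request ordering can still leak information and need separate treatment.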
In its defense, Tinder sent a statement to The Verge and it reads:
“Like every other technology company, we are constantly improving our defenses in the battle against malicious hackers. For example, our desktop and mobile web platforms already encrypt profile images, and we are working towards encrypting images on our app experience as well.
However, we do not go into any further detail on the specific security tools we use or enhancements we may implement to avoid tipping off would-be hackers.”