Uncovered Tinder Vulnerabilities Let Strangers Spy on Users' Actions
Cyber security firm Checkmarx has uncovered "disturbing vulnerabilities" in the dating app Tinder that could expose to strangers whom a user matches with, along with other personal information.
Launched in 2012, Tinder is a highly popular mobile "swiping" dating app. It is used worldwide, counting 1.6 billion swipes a day across 196 countries.
Checkmarx said in a report on Tuesday that its research group has found two vulnerabilities that, once combined, enable a malicious attacker to monitor a Tinder user's every move in the app, "seriously compromising" privacy.
Researchers discovered that the Tinder app lacks basic HTTPS encryption for profile pictures, allowing any stranger using the same open Wi-Fi network — for instance, the same public hotspot — to see what profiles the user is viewing as well as explore his profile.
An attacker could also take control of the profile pictures a user sees and swap them for inappropriate content, rogue advertising or other types of malicious content.
"We can simulate exactly what the user sees on his or her screen. You know everything: What they're doing, what their sexual preferences are, a lot of information," Erez Yalon, Checkmarx's manager of application security research, told WIRED.
The researchers pointed out that the vulnerabilities were found in both the Android and iOS versions of the app.
A Tinder spokesperson told WIRED in a statement that "like every other technology company, we are constantly improving our defenses in the battle against malicious hackers".
The recommendation for users is to avoid public Wi-Fi networks wherever possible.
- Source : Sputnik