www.zejournal.mobi
November 15, 2024

Uncovered Tinder Vulnerabilities Let Strangers Spy on Users' Actions

Author : Sputnik | Editor : Indie | January 26, 2018 at 10:41 AM

Cyber security firm Checkmarx has uncovered "disturbing vulnerabilities" on dating app Tinder, which could expose to strangers who the user matches with and other personal information.

Launched in 2012, Tinder is a highly popular mobile "swiping" dating app. It is used worldwide, counting 1.6 billions swipes a day across 196 countries.

Checkmarx said in a report on Tuesday that its research group has found two vulnerabilities that, once combined, enable a malicious attacker to monitor a Tinder user's every move in the app, "seriously compromising" privacy.

Researchers discovered that the Tinder app lacks basic HTTPS encryption for profile pictures, allowing any stranger using the same open Wi-Fi network — for instance, the same public hotspot — to see what profiles the user is viewing as well as explore his profile.

An attacker could also take control over the profile pictures a user sees and swap them for inappropriate content, rogue advertising or other type of malicious content.

"We can simulate exactly what the user sees on his or her screen. You know everything: What they're doing, what their sexual preferences are, a lot of information," Erez Yalon, Checkmarx's manager of application security research, told WIRED.

The researchers pointed out that the vulnerabilities were found in both the Android and iOS versions of the app. 


Read More :

A Tinder spokesperson told WIRED in a statement that "like every other technology company, we are constantly improving our defenses in the battle against malicious hackers".

The recommendation for users is to avoid public Wi-Fi networks wherever possible.    


- Source : Sputnik

Send via email :

Comment

Send your comment via :



Close

Search
Like Our Site?
(34)
Latest Articles
Most Read Articles
Loading...
Loading...
Loading...

Email Subscribe

Received our newsletter, we send it to your email

  


Close