This might come as a shocker to all Tinder lovers who enjoy swiping through profiles on the dating app. Security research firm Checkmarx has revealed vulnerabilities in the globally popular app, which could potentially cause a privacy breach.
In their blog, the security researchers reveal the two ‘disturbing vulnerabilities’ that threaten your privacy. One of the biggest challenges with dating apps or any social app is to ensure user privacy. However, it was discovered that both the iOS and Android versions of Tinder contain loopholes, which allow an attacker using the same Wi-Fi network as the user to monitor their behavior on the app.
An attacker could potentially take control of the profile pictures the user sees, swapping them for inappropriate content, rogue ads, or other types of malicious content. The attacker could also blackmail the victim by threatening to expose private information from the user’s Tinder profile and actions in the app.
In the detailed whitepaper, the researchers explain that the attack is also possible through a VPN or company administrators, DNS poisoning attacks, or a malicious internet service provider.
The researchers also detailed use cases and attack scenarios in the whitepaper, indicating Tinder lacks even basic HTTPS encryption for users’ photos. So if the app is used on a vulnerable network, it is possible for the attacker to snoop on a person’s swiping activity.
BGR India has reached out to Tinder to know whether the company has taken any measures to contain the exploitation of the loopholes that affect the app in 196 countries.
There is no credential theft or immediate financial impact involved in the attack process. Nonetheless, the possibility of having app activities and personal information snooped on is in itself quite unnerving. “Until all application makers implement comprehensive application security testing solutions, we should probably still be cautious and mindful. This means avoiding public networks as much as possible, using HTTPS over HTTP and generally being aware of what might be happening over our virtual shoulder,” the researchers advise.