Are you on Tinder? Security bugs allow anyone to snoop on your swipes

All that an attacker needs is to be on the same Wi-Fi network as the user to carry out snooping activity.

  • Published: January 24, 2018 5:00 PM IST

This might come as a shocker to all Tinder lovers who enjoy swiping through profiles on the dating app. Security research firm Checkmarx has revealed vulnerabilities in the globally popular app, which could potentially cause a privacy breach.

In their blog, the security researchers reveal the two ‘disturbing vulnerabilities’ that threaten your privacy. One of the biggest challenges with dating apps or any social app is to ensure user privacy. However, it was discovered that both the iOS and Android versions of Tinder contain loopholes, which allow an attacker using the same Wi-Fi network as the user to monitor their behavior on the app.

An attacker could potentially take control of the profile pictures the user sees, swapping them for inappropriate content, rogue ads, or other types of malicious content. The attacker could also blackmail the victim by threatening to expose private information from the user’s Tinder profile and actions in the app.

In the detailed whitepaper, the researchers explain that the attack is also possible through VPN or company administrators, DNS poisoning attacks, or a malicious internet service provider.

The researchers also detailed use cases and attack scenarios in the whitepaper, indicating Tinder lacks even basic HTTPS encryption for users’ photos. So if the app is used on a vulnerable network, it is possible for the attacker to snoop on a person’s swiping activity.

BGR India has reached out to Tinder to ask whether the company has taken any measures to contain the exploitation of the loopholes that affect the app in 196 countries.

There is no credential theft or immediate financial impact involved in the attack process. Nonetheless, the possibility of having app activities and personal information snooped on is in itself quite unnerving. “Until all application makers implement comprehensive application security testing solutions, we should probably still be cautious and mindful. This means avoiding public networks as much as possible, using HTTPS over HTTP and generally being aware of what might be happening over our virtual shoulder,” the researchers advise.
