CATEGORIES
home News

Tinder's Encryption Void Leaves Your Dating Travails Visible To Stalkers

by Shane McGlaunWednesday, January 24, 2018, 08:54 AM EDT

Tinder is a popular dating app that matches people up using swipes. If you thought that all the people you were swiping left or right on were private and only you and the people you swiped knew about them, you might be wrong. Security researchers have found a flaw that could allow those swipes to be captured and exposed.

tinder

The crux of the issue is that Tinder doesn't use HTTPS encryption for fetching images reports a security firm called Checkmarx. This lack of encryption means that your Tinder activity could be exposed over a local Wi-Fi network, allowing a nefarious or nosey character to see your Tinder likes and matches in real time. The researchers offered up a demonstration of the attack via a YouTube video.

The attack is performed using a program that the researchers created called "TinderDrift". That software takes advantage of a pair of Tinder flaws, including the lack of HTTPS encryption. When you are looking at a new dating profile via Tinder, the non-encrypted HTTP request sent over the network leaves the entire request exposed, including the web address for the image you are viewing.



The other vulnerability the software takes advantage of is one that allows digital stalkers to discover your swipe data. The dating app indicates a left swipe, which is Tinder for profiles you don't like when it sends 278 bytes of encrypted data to the image servers of the company. If you like the profile and swipe right, the researchers say that the Tinder app sends 374 bytes of data. If the Tinder user matches with another Tinder user, the app sends 581 bytes of data.

By knowing how much data is sent to the Tinder servers, the software can determine if you liked, disliked, or matched with profiles. The software can spy on the Tinder app running on nearby smartphones, but there are some limitations. It only works if the hacker and the Tinder user are on the same Wi-Fi network.

The researchers do point out that neither of the vulnerabilities used by their software open up credit card numbers or passwords for accounts, making these hacks uninteresting for garden-variety hackers looking for money and access. "Knowing an ill-disposed attacker can view and document your every move on Tinder, who you like, or who you decide to chat with is definitely disturbing," the researchers said.

Tags:  security, App, Hack, Tinder
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment