This Bug Could Expose Your Tinder Swipes

Security researchers take discovered that your Tinder swipes might not be as private as you thought.

SecurityWatch The dating app does not still use HTTPS encryption when it comes to fetching images, according to security business firm Checkmarx. This lack of encryption ways your Tinder activeness could be exposed over a local Wi-Fi network, revealing Tinder likes and matches in existent fourth dimension.

Researchers at Checkmarx demoed their set on in a YouTube video using a custom-made programme called "TinderDrift." It leveraged two vulnerabilities, the beginning of which exploited the lack of HTTPS encryption.

When the Tinder app shows you lot a new dating profile, it does so by making a non-encrypted HTTP asking over the network. This can leave the entire asking, including the web address for the image, exposed.

The researchers paired this with another vulnerability that tin discern your Tinder swipes. They found the dating app indicates a left swipe (for profiles you don't like) whenever it sends 278 bytes of encrypted data to the company's epitome server.

For a right swipe (on dating profile you like), it'll transport 374 bytes. When it comes to matches that appear on Tinder, the app will ship 581 bytes.

Past combining both vulnerabilities, the researchers were able to spy on a Tinder app running on a nearby smartphone. Fortunately, the hack has limitations; it only works when the attacker is on the aforementioned Wi-Fi network equally the victim, for example.

"This is possible via whatsoever public hotspot. Other scenarios where an attacker can intercept traffic include VPN or company administrators," the researchers said in their report.

The vulnerabilities also don't involve credit cards or passwords, making them of little use to common cybercriminals. Nevertheless, Checkmarx found the lack of encryption to be problematic. "Knowing an sick-tending assaulter can view and document your every motion on Tinder, who y'all like, or who y'all decide to conversation with is definitely disturbing," the company said.

The security researchers sent their findings to Tinder, which said it'southward working to roll out encryption for the app's image fetching. Both the desktop and mobile web versions of the dating app already use the encryption.

"Like every other technology visitor, we are constantly improving our defenses in the battle against malicious hackers," the visitor said.