Tinder flaw could expose your swipes to snoops

There's a basic security measure missing from Tinder's mobile dating app.And it could let prying eyes see your...

Posted: Jan 24, 2018 8:21 AM
Updated: Jan 24, 2018 8:21 AM

There's a basic security measure missing from Tinder's mobile dating app.

And it could let prying eyes see your potential matches, along with whether you swiped left or right, a security firm has found.

The issue was discovered by researchers at the security firm Checkmarx. The company says it stems from Tinder's decision to not use HTTPS, a security protocol, to encrypt photos on its iOS and Android apps.

Sites that use HTTPS, compared to HTTP, encrypt communications between the user's browser or app and web server, so information is protected against hackers or eavesdroppers.

Because photos are not encrypted, it's possible for eavesdroppers on the same Wi-Fi network to monitor a user's behavior on the dating app and see photos of a user and potential matches. It also allows someone to inject images or malicious content into the app feed.

The lack of encryption could let a snoop spy on your Tinder activity in places like coffee shops or at work. Though no passwords or other sensitive data is leaking, researchers said this tactic could potentially be used to blackmail someone.

Tinder says it knows about the missing encryption. A Tinder spokesperson told CNNTech in an email Tuesday that photos on the Tinder app are publicly available to anyone using Tinder. The company said its desktop and mobile web platforms already encrypt images, and it is working toward encrypting them in the app.

Erez Yalon, manager of application security research at Checkmarx, said the application should be fixed to prevent potential spying. He added that he reported the issue to Tinder in mid-November.

Related: This $18 key can protect you from hackers

"There's absolutely no reason not to use HTTPS for everything," Yalon told CNNTech. "Letting sensitive data be transferred unencrypted is wrong."

Tinder encrypts other information within the app, but it was possible for researchers to figure out patterns that correlate to swiping left, right, and matching with someone. For example, swiping left is represented by 278 bytes each time.

By pairing swiping data with visible images, researchers showed it's possible for a hacker to see on whom someone swiped left or right. The firm created an app called Tinder Drift to demonstrate a potential spying scenario.

West Lafayette
Few Clouds
84° wxIcon
Hi: 81° Lo: 60°
Feels Like: 86°
Kokomo
Scattered Clouds
80° wxIcon
Hi: 81° Lo: 58°
Feels Like: 82°
Rensselaer
Broken Clouds
77° wxIcon
Hi: 79° Lo: 57°
Feels Like: 79°
Fowler
Broken Clouds
77° wxIcon
Hi: 81° Lo: 58°
Feels Like: 79°
Williamsport
Overcast
75° wxIcon
Hi: 82° Lo: 59°
Feels Like: 75°
Crawfordsville
Scattered Clouds
79° wxIcon
Hi: 80° Lo: 59°
Feels Like: 81°
Frankfort
Broken Clouds
81° wxIcon
Hi: 80° Lo: 58°
Feels Like: 84°
Delphi
Clear
80° wxIcon
Hi: 84° Lo: 58°
Feels Like: 81°
Monticello
Clear
80° wxIcon
Hi: 84° Lo: 58°
Feels Like: 81°
Logansport
Scattered Clouds
81° wxIcon
Hi: 80° Lo: 57°
Feels Like: 82°
WLFI Radar
WLFI Temps
WLFI Planner

Indiana Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 51079

Reported Deaths: 2756
CountyConfirmedDeaths
Marion12019693
Lake5588248
Elkhart353959
Allen2939134
St. Joseph210669
Hamilton1691101
Cass16449
Hendricks1454100
Johnson1340118
Porter82638
Tippecanoe7709
Vanderburgh7276
Clark69544
Madison67464
LaPorte61628
Howard59858
Bartholomew59745
Kosciusko5754
Marshall5449
Noble51328
LaGrange4849
Boone48244
Jackson4783
Delaware47152
Hancock46736
Shelby45425
Floyd40644
Morgan34231
Monroe34028
Grant31826
Dubois3046
Henry30018
Montgomery29720
Clinton2903
White27410
Dearborn25823
Decatur25632
Lawrence25225
Vigo2528
Warrick25029
Harrison21722
Greene19432
Miami1932
Jennings17912
Putnam1738
DeKalb1694
Scott1649
Wayne1546
Daviess15017
Perry14710
Orange13723
Steuben1362
Jasper1352
Ripley1307
Franklin1278
Gibson1202
Wabash1162
Carroll1142
Fayette1067
Whitley1066
Starke1043
Newton10010
Huntington942
Jefferson862
Wells821
Randolph794
Fulton731
Knox710
Jay700
Washington681
Pulaski661
Clay645
Rush613
Posey570
Spencer541
Owen521
Benton510
Sullivan501
Adams491
Brown431
Blackford402
Fountain352
Crawford330
Switzerland320
Tipton321
Parke270
Martin260
Ohio230
Vermillion200
Warren151
Union140
Pike110
Unassigned0193

COVID-19 Important links and resources

As the spread of COVID-19, or as it's more commonly known as the coronavirus continues, this page will serve as your one-stop for the resources you need to stay informed and to keep you and your family safe. CLICK HERE

Closings related to the prevention of the COVID-19 can be found on our Closings page.

Community Events