Tinder flaw could expose your swipes to snoops

There's a basic security measure missing from Tinder's mobile dating app.And it could let prying eyes see your...

Posted: Jan 24, 2018 7:21 AM
Updated: Jan 24, 2018 7:21 AM

There's a basic security measure missing from Tinder's mobile dating app.

And it could let prying eyes see your potential matches, along with whether you swiped left or right, a security firm has found.

The issue was discovered by researchers at the security firm Checkmarx. The company says it stems from Tinder's decision to not use HTTPS, a security protocol, to encrypt photos on its iOS and Android apps.

Sites that use HTTPS, compared to HTTP, encrypt communications between the user's browser or app and web server, so information is protected against hackers or eavesdroppers.

Because photos are not encrypted, it's possible for eavesdroppers on the same Wi-Fi network to monitor a user's behavior on the dating app and see photos of a user and potential matches. It also allows someone to inject images or malicious content into the app feed.

The lack of encryption could let a snoop spy on your Tinder activity in places like coffee shops or at work. Though no passwords or other sensitive data is leaking, researchers said this tactic could potentially be used to blackmail someone.

Tinder says it knows about the missing encryption. A Tinder spokesperson told CNNTech in an email Tuesday that photos on the Tinder app are publicly available to anyone using Tinder. The company said its desktop and mobile web platforms already encrypt images, and it is working toward encrypting them in the app.

Erez Yalon, manager of application security research at Checkmarx, said the application should be fixed to prevent potential spying. He added that he reported the issue to Tinder in mid-November.

Related: This $18 key can protect you from hackers

"There's absolutely no reason not to use HTTPS for everything," Yalon told CNNTech. "Letting sensitive data be transferred unencrypted is wrong."

Tinder encrypts other information within the app, but it was possible for researchers to figure out patterns that correlate to swiping left, right, and matching with someone. For example, swiping left is represented by 278 bytes each time.

By pairing swiping data with visible images, researchers showed it's possible for a hacker to see on whom someone swiped left or right. The firm created an app called Tinder Drift to demonstrate a potential spying scenario.

Minnesota Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 41571

Reported Deaths: 1537
CountyConfirmedDeaths
Hennepin13328790
Ramsey5169232
Dakota265596
Stearns249619
Anoka2393111
Nobles16846
Olmsted125920
Washington125541
Mower9822
Rice8798
Scott8584
Clay61238
Kandiyohi5901
Blue Earth5632
Wright5285
Carver4691
Todd4022
Sherburne3625
Lyon3332
Freeborn3120
Watonwan2670
Steele2451
Benton2363
St. Louis22316
Nicollet20312
Martin1755
Cottonwood1420
Winona14115
Goodhue1408
Le Sueur1251
Crow Wing11312
Pine1120
Otter Tail1111
Chisago1071
McLeod1000
Dodge960
Carlton900
Polk883
Unassigned8838
Isanti810
Chippewa801
Waseca770
Murray730
Itasca7112
Douglas700
Pipestone694
Morrison641
Becker620
Meeker621
Faribault610
Sibley582
Jackson570
Pennington530
Beltrami470
Brown442
Mille Lacs392
Wabasha380
Renville372
Fillmore350
Rock340
Swift331
Houston320
Yellow Medicine310
Grant250
Roseau250
Redwood230
Wilkin223
Koochiching211
Norman210
Cass192
Big Stone170
Kanabec171
Lincoln170
Wadena170
Aitkin150
Marshall130
Pope130
Clearwater120
Stevens110
Hubbard100
Mahnomen101
Lake60
Traverse60
Lac qui Parle50
Red Lake40
Kittson20
Cook10
Lake of the Woods00

Iowa Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 34564

Reported Deaths: 747
CountyConfirmedDeaths
Polk7332184
Woodbury332944
Black Hawk249259
Buena Vista173711
Johnson14268
Dallas138531
Linn138183
Marshall109219
Scott103110
Dubuque94023
Story8575
Pottawattamie82112
Wapello71431
Muscatine68745
Crawford6803
Sioux5010
Tama48329
Wright3971
Louisa36513
Webster3655
Plymouth3465
Jasper34417
Warren3191
Dickinson2993
Cerro Gordo2841
Washington2519
Hamilton2011
Boone1681
Clay1491
Clarke1433
Allamakee1384
Clinton1321
Shelby1200
Mahaska11917
Carroll1131
Poweshiek1128
Bremer1107
Pocahontas1071
Franklin1040
Des Moines1002
Cedar951
Emmet950
Henry933
Hardin900
Cherokee831
Floyd812
Taylor810
Marion800
Monona780
Benton751
Guthrie754
Jones710
Butler682
Osceola680
Sac680
Buchanan631
Calhoun632
Iowa631
Jefferson620
Hancock601
Harrison600
Humboldt601
Fayette570
Jackson570
Lyon570
Delaware561
Madison552
Lee542
Monroe527
Palo Alto510
Clayton503
Grundy470
Mills470
Winneshiek460
Mitchell440
Davis421
Kossuth410
Union380
Howard370
Lucas354
Unassigned350
Winnebago340
Greene300
Chickasaw290
Cass280
Ida230
Keokuk231
Worth220
Appanoose213
Page210
Van Buren210
Audubon181
Adair170
Ringgold161
Decatur130
Montgomery122
Wayne110
Fremont100
Adams80
Rochester
Clear
74° wxIcon
Hi: 80° Lo: 58°
Feels Like: 74°
Mason City
Clear
77° wxIcon
Hi: 82° Lo: 59°
Feels Like: 79°
Albert Lea
Clear
73° wxIcon
Hi: 80° Lo: 59°
Feels Like: 73°
Austin
Clear
73° wxIcon
Hi: 81° Lo: 59°
Feels Like: 73°
Charles City
Clear
77° wxIcon
Hi: 82° Lo: 60°
Feels Like: 79°
Chance for more storms Monday
KIMT Radar
KIMT Eye in the sky

Latest Video

Image

Sean's Sunday Weather

Image

Dave Main 10p Wx

Image

Virtual campaigning during pandemic

Image

Former NIACC coach Travis Hergert back in big league camp with the Phillies

Image

New ICE guidelines causing concern for international students

Image

Dave Main 6p Weather 7/11

Image

Connecting with a loved one with dementia during the pandemic

Image

Bruins set to host all-star game

Image

COVID-19 Cases Expected to Spike in North Iowa

Image

Training hard for a season that might not happen

Community Events