In the News

Tinder Flaw Lets Anyone Snoop on Your Swipes

24 Jan 2018 | By Marshall Honorof

Israeli security firm Checkmarx released a report on the subject, entitled “Are You on Tinder? Someone May Be Watching You Swipe.” The paper covers two distinct and potentially troubling flaws. The first takes advantage of unsecured Tinder protocols; the second can discern what happens behind secured connections with a little basic math.

Israeli security firm Checkmarx released a report on the subject, entitled “Are You on Tinder? Someone May Be Watching You Swipe.” The paper covers two distinct and potentially troubling flaws. The first takes advantage of unsecured Tinder protocols; the second can discern what happens behind secured connections with a little basic math.


</close>

Tinder app can let people see who you match with and swipe left or right on

24 Jan 2018 | By Aatif Sulleyman

The vulnerabilities were uncovered by cyber security firm Checkmarx, which describes them as “disturbing”.

It discovered that the Tinder app lacks basic HTTPS encryption for profile pictures, allowing anyone using the same Wi-Fi network as you to see the same profiles you come across on the app.

Checkmarx also found that different actions within the app produce specific patterns of bytes that are recognisable even in encrypted form.

The vulnerabilities were uncovered by cyber security firm Checkmarx, which describes them as “disturbing”.

It discovered that the Tinder app lacks basic HTTPS encryption for profile pictures, allowing anyone using the same Wi-Fi network as you to see the same profiles you come across on the app.

Checkmarx also found that different actions within the app produce specific patterns of bytes that are recognisable even in encrypted form.


</close>

Hackers can see and edit your Tinder pictures and matches simply by joining the same Wi-Fi network as you

24 Jan 2018 | By Shivali Best

Researchers from Checkmarx have released a report titled ‘Are You on Tinder? Someone May Be Watching You Swipe’ in which they explain Tinder’s lack of HTTPS encryption.

The researchers built a proof-of-concept app called TinderDrift, that can reconstruct a user’s Tinder activity if the person is on the same Wi-Fi network.

Researchers from Checkmarx have released a report titled ‘Are You on Tinder? Someone May Be Watching You Swipe’ in which they explain Tinder’s lack of HTTPS encryption.

The researchers built a proof-of-concept app called TinderDrift, that can reconstruct a user’s Tinder activity if the person is on the same Wi-Fi network.


</close>

Tinder user? Lack of encryption means stalkers can watch you at it…

24 Jan 2018 | By Paul Ducklin

Dismiss it as a cheesy idea if you like, but Tinder claims to process 1,600,000,000 swipes a day and to set up 1,000,000 dates a week.

At more than 11,000 swipes per date, that means that a lot of data is flowing back and forth between you and Tinder while you search for the right person.

You’d therefore like to think that Tinder takes the usual basic precautions to keep all those images secure in transit – both when other people’s images are being sent to you, and yours to other people.

Dismiss it as a cheesy idea if you like, but Tinder claims to process 1,600,000,000 swipes a day and to set up 1,000,000 dates a week.

At more than 11,000 swipes per date, that means that a lot of data is flowing back and forth between you and Tinder while you search for the right person.

You’d therefore like to think that Tinder takes the usual basic precautions to keep all those images secure in transit – both when other people’s images are being sent to you, and yours to other people.


</close>

Your Tinder secrets could be EXPOSED: Massive security flaws in the app could let strangers hijack your photos, spy on your swipes and see pictures of all your matches

24 Jan 2018 | By Phoebe Weston

Researchers from Tel Aviv-based security firm Checkmarx found it is possible for a hacker to take control of profile pictures and swap them for inappropriate content and rogue advertising.

One of the major issues is that the app does not currently use HTTPS encryption.

Researchers from Tel Aviv-based security firm Checkmarx found it is possible for a hacker to take control of profile pictures and swap them for inappropriate content and rogue advertising.

One of the major issues is that the app does not currently use HTTPS encryption.


</close>

Tinder’s Non-Existent Encryption Means Someone Could Be Watching Your Swipes

24 Jan 2018 | By Thomas Tamblyn

Researchers from an app security firm have made a rather worrying discovery about how encrypted certain parts of the dating app Tinder are.

The Tel Aviv-based firm Checkmarx discovered that if they were on the same WiFi network as someone using the app they could not only watch their swipes in real-time but could even inject their own images into that person’s app.

Researchers from an app security firm have made a rather worrying discovery about how encrypted certain parts of the dating app Tinder are.

The Tel Aviv-based firm Checkmarx discovered that if they were on the same WiFi network as someone using the app they could not only watch their swipes in real-time but could even inject their own images into that person’s app.


</close>

Tinder Vulnerability Lets Strangers See Your Photos & Matches

24 Jan 2018 | By Tyler Lee

Turns out even that might not be safe, thanks to the efforts of researchers from Tel Aviv-based security firm Checkmarx. According to the report from WIRED, it seems that there exists a vulnerability in the Tinder app that lets anyone connected to the same WiFi as you to potentially snoop in your Tinder photos and also see the matches that you might have made.

Turns out even that might not be safe, thanks to the efforts of researchers from Tel Aviv-based security firm Checkmarx. According to the report from WIRED, it seems that there exists a vulnerability in the Tinder app that lets anyone connected to the same WiFi as you to potentially snoop in your Tinder photos and also see the matches that you might have made.


</close>

Researchers find Tinder is a steaming hot … security mess

24 Jan 2018 | By Duncan Riley

The claim comes today from the Checkmarx Ltd. security team, which discovered what is described as “disturbing vulnerabilities in a highly popular dating application used by people across the globe.” The problems lies at the heart of how Tinder deals with information on the app, failing to use HTTPS-encryption on photos, meaning that potentially any photo on the app could be stolen and even additional photos injected into the app.

The claim comes today from the Checkmarx Ltd. security team, which discovered what is described as “disturbing vulnerabilities in a highly popular dating application used by people across the globe.” The problems lies at the heart of how Tinder deals with information on the app, failing to use HTTPS-encryption on photos, meaning that potentially any photo on the app could be stolen and even additional photos injected into the app.


</close>

Two Tinder Security Flaws Mean Strangers Can Spy On Your Swipes

24 Jan 2018 | By Leticia Miranda

Lurkers sharing an unsecured Wi-Fi network with you could see when you're swiping right or left on Tinder and when you start a chat with someone, according to security research published Tuesday. "It’s very simple to execute because the problem is, Tinder actually neglected to encrypt some of the data," Amit Ashbel, director of product marketing with the security firm Checkmarx, which led the study, told BuzzFeed News. "You just have to listen to the network and you’ll have the images available to you."

Lurkers sharing an unsecured Wi-Fi network with you could see when you’re swiping right or left on Tinder and when you start a chat with someone, according to security research published Tuesday. “It’s very simple to execute because the problem is, Tinder actually neglected to encrypt some of the data,” Amit Ashbel, director of product marketing with the security firm Checkmarx, which led the study, told BuzzFeed News. “You just have to listen to the network and you’ll have the images available to you.”


</close>

Researchers Say Tinder’s Limited Encryption Makes It Ripe for Hackers

24 Jan 2018 | By Emily Price

Researchers at Tel Aviv-based app security firm Checkmarx recently demonstrated that Tinder lacks basic HTTPS encryption for photos. That means that if they were on the same Wi-Fi network as someone using Tinder, they would be able to see the same photos that the Tinder user does on their phone and even inject their own images into the mix as well.

Researchers at Tel Aviv-based app security firm Checkmarx recently demonstrated that Tinder lacks basic HTTPS encryption for photos. That means that if they were on the same Wi-Fi network as someone using Tinder, they would be able to see the same photos that the Tinder user does on their phone and even inject their own images into the mix as well.


</close>

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.