Checkmarx in July unveiled its acquisition of Codebashing, an application security education company built by developers that uses gamification to train other developers. One month later, the company released an interactive application security testing platform that enables dynamic and continuous testing in real time with zero scan time, outstanding accuracy and seamless implementation.
Israeli security firm Checkmarx released a report on the subject, entitled “Are You on Tinder? Someone May Be Watching You Swipe.” The paper covers two distinct and potentially troubling flaws. The first takes advantage of unsecured Tinder protocols; the second can discern what happens behind secured connections with a little basic math.
The vulnerabilities were uncovered by cyber security firm Checkmarx, which describes them as “disturbing”.
It discovered that the Tinder app lacks basic HTTPS encryption for profile pictures, allowing anyone using the same Wi-Fi network as you to see the same profiles you come across on the app.
Checkmarx also found that different actions within the app produce specific patterns of bytes that are recognisable even in encrypted form.
Researchers from Checkmarx have released a report titled ‘Are You on Tinder? Someone May Be Watching You Swipe’ in which they explain Tinder’s lack of HTTPS encryption.
The researchers built a proof-of-concept app called TinderDrift that can reconstruct a user’s Tinder activity if the person is on the same Wi-Fi network.
Dismiss it as a cheesy idea if you like, but Tinder claims to process 1,600,000,000 swipes a day and to set up 1,000,000 dates a week.
At more than 11,000 swipes per date, that means that a lot of data is flowing back and forth between you and Tinder while you search for the right person.
You’d therefore like to think that Tinder takes the usual basic precautions to keep all those images secure in transit – both when other people’s images are being sent to you, and yours to other people.
Researchers from Tel Aviv-based security firm Checkmarx found it is possible for a hacker to take control of profile pictures and swap them for inappropriate content and rogue advertising.
One of the major issues is that the app does not currently use HTTPS encryption.
Researchers from an app security firm have made a rather worrying discovery about how encrypted certain parts of the dating app Tinder are.
The Tel Aviv-based firm Checkmarx discovered that if they were on the same WiFi network as someone using the app they could not only watch their swipes in real-time but could even inject their own images into that person’s app.
Turns out even that might not be safe, thanks to the efforts of researchers from Tel Aviv-based security firm Checkmarx. According to the report from WIRED, it seems that there exists a vulnerability in the Tinder app that lets anyone connected to the same WiFi as you potentially snoop in your Tinder photos and also see the matches that you might have made.
The claim comes today from the Checkmarx Ltd. security team, which discovered what is described as “disturbing vulnerabilities in a highly popular dating application used by people across the globe.” The problem lies at the heart of how Tinder deals with information on the app, failing to use HTTPS-encryption on photos, meaning that potentially any photo on the app could be stolen and even additional photos injected into the app.
Lurkers sharing an unsecured Wi-Fi network with you could see when you're swiping right or left on Tinder and when you start a chat with someone, according to security research published Tuesday. "It’s very simple to execute because the problem is, Tinder actually neglected to encrypt some of the data," Amit Ashbel, director of product marketing with the security firm Checkmarx, which led the study, told BuzzFeed News. "You just have to listen to the network and you’ll have the images available to you."