In the News

Your Tinder secrets could be EXPOSED: Massive security flaws in the app could let strangers hijack your photos, spy on your swipes and see pictures of all your matches

24 Jan 2018 | By Phoebe Weston

Researchers from Tel Aviv-based security firm Checkmarx found it is possible for a hacker to take control of profile pictures and swap them for inappropriate content and rogue advertising.

One of the major issues is that the app does not currently use HTTPS encryption.

Researchers from Tel Aviv-based security firm Checkmarx found it is possible for a hacker to take control of profile pictures and swap them for inappropriate content and rogue advertising.

One of the major issues is that the app does not currently use HTTPS encryption.


</close>

Tinder’s Non-Existent Encryption Means Someone Could Be Watching Your Swipes

24 Jan 2018 | By Thomas Tamblyn

Researchers from an app security firm have made a rather worrying discovery about how encrypted certain parts of the dating app Tinder are.

The Tel Aviv-based firm Checkmarx discovered that if they were on the same WiFi network as someone using the app they could not only watch their swipes in real-time but could even inject their own images into that person’s app.

Researchers from an app security firm have made a rather worrying discovery about how encrypted certain parts of the dating app Tinder are.

The Tel Aviv-based firm Checkmarx discovered that if they were on the same WiFi network as someone using the app they could not only watch their swipes in real-time but could even inject their own images into that person’s app.


</close>

Tinder Vulnerability Lets Strangers See Your Photos & Matches

24 Jan 2018 | By Tyler Lee

Turns out even that might not be safe, thanks to the efforts of researchers from Tel Aviv-based security firm Checkmarx. According to the report from WIRED, it seems that there exists a vulnerability in the Tinder app that lets anyone connected to the same WiFi as you to potentially snoop in your Tinder photos and also see the matches that you might have made.

Turns out even that might not be safe, thanks to the efforts of researchers from Tel Aviv-based security firm Checkmarx. According to the report from WIRED, it seems that there exists a vulnerability in the Tinder app that lets anyone connected to the same WiFi as you to potentially snoop in your Tinder photos and also see the matches that you might have made.


</close>

Researchers find Tinder is a steaming hot … security mess

24 Jan 2018 | By Duncan Riley

The claim comes today from the Checkmarx Ltd. security team, which discovered what is described as “disturbing vulnerabilities in a highly popular dating application used by people across the globe.” The problems lies at the heart of how Tinder deals with information on the app, failing to use HTTPS-encryption on photos, meaning that potentially any photo on the app could be stolen and even additional photos injected into the app.

The claim comes today from the Checkmarx Ltd. security team, which discovered what is described as “disturbing vulnerabilities in a highly popular dating application used by people across the globe.” The problems lies at the heart of how Tinder deals with information on the app, failing to use HTTPS-encryption on photos, meaning that potentially any photo on the app could be stolen and even additional photos injected into the app.


</close>

Two Tinder Security Flaws Mean Strangers Can Spy On Your Swipes

24 Jan 2018 | By Leticia Miranda

Lurkers sharing an unsecured Wi-Fi network with you could see when you're swiping right or left on Tinder and when you start a chat with someone, according to security research published Tuesday. "It’s very simple to execute because the problem is, Tinder actually neglected to encrypt some of the data," Amit Ashbel, director of product marketing with the security firm Checkmarx, which led the study, told BuzzFeed News. "You just have to listen to the network and you’ll have the images available to you."

Lurkers sharing an unsecured Wi-Fi network with you could see when you’re swiping right or left on Tinder and when you start a chat with someone, according to security research published Tuesday. “It’s very simple to execute because the problem is, Tinder actually neglected to encrypt some of the data,” Amit Ashbel, director of product marketing with the security firm Checkmarx, which led the study, told BuzzFeed News. “You just have to listen to the network and you’ll have the images available to you.”


</close>

Researchers Say Tinder’s Limited Encryption Makes It Ripe for Hackers

24 Jan 2018 | By Emily Price

Researchers at Tel Aviv-based app security firm Checkmarx recently demonstrated that Tinder lacks basic HTTPS encryption for photos. That means that if they were on the same Wi-Fi network as someone using Tinder, they would be able to see the same photos that the Tinder user does on their phone and even inject their own images into the mix as well.

Researchers at Tel Aviv-based app security firm Checkmarx recently demonstrated that Tinder lacks basic HTTPS encryption for photos. That means that if they were on the same Wi-Fi network as someone using Tinder, they would be able to see the same photos that the Tinder user does on their phone and even inject their own images into the mix as well.


</close>

Tinder flaw could expose your swipes to snoops

24 Jan 2018 | By Selena Larson

There's a basic security measure missing from Tinder's mobile dating app.

And it could let prying eyes see your potential matches, along with whether you swiped left or right, a security firm has found. The issue was discovered by researchers at the security firm Checkmarx. The company says itstems from Tinder's decision to not use HTTPS, a security protocol, to encrypt photos on its iOS and Android apps.

There’s a basic security measure missing from Tinder’s mobile dating app.

And it could let prying eyes see your potential matches, along with whether you swiped left or right, a security firm has found. The issue was discovered by researchers at the security firm Checkmarx. The company says itstems from Tinder’s decision to not use HTTPS, a security protocol, to encrypt photos on its iOS and Android apps.


</close>

Flaws in Tinder App Put Users’ Privacy at Risk, Researchers Say

23 Jan 2018 | By Bree Fowler

Be careful as you swipe left and right—someone could be watching.

Security researchers say Tinder isn’t doing enough to secure its popular dating app, putting the privacy of users at risk.

A report released Tuesday by researchers from the cybersecurity firm Checkmarx identifies two security flaws in Tinder’s iOS and Android apps. When combined, the researchers say, the vulnerabilities give hackers a way to see which profile photos a user is looking at and how he or she reacts to those images—swiping right to show interest or left to reject a chance to connect.

Be careful as you swipe left and right—someone could be watching.

Security researchers say Tinder isn’t doing enough to secure its popular dating app, putting the privacy of users at risk.

A report released Tuesday by researchers from the cybersecurity firm Checkmarx identifies two security flaws in Tinder’s iOS and Android apps. When combined, the researchers say, the vulnerabilities give hackers a way to see which profile photos a user is looking at and how he or she reacts to those images—swiping right to show interest or left to reject a chance to connect.


</close>

Snoopers could eavesdrop on Tinder photos and swipes says security company

23 Jan 2018 | By Danny Palmer

Snoopers could be able to see images downloaded by Tinder users and whether users swiped left and right on them, according to a security company.

Uncovered by researchers at application security testing company Checkmarx, the vulnerabilities are based on an the use of an HTTP connection and a predictable HTTPS response size which allows attackers to decode encryption signatures and see what action the user took on the profile of another user.

Snoopers could be able to see images downloaded by Tinder users and whether users swiped left and right on them, according to a security company.

Uncovered by researchers at application security testing company Checkmarx, the vulnerabilities are based on an the use of an HTTP connection and a predictable HTTPS response size which allows attackers to decode encryption signatures and see what action the user took on the profile of another user.


</close>

Tinder’s Lack of Encryption Lets Strangers Spy on Your Swipes

23 Jan 2018 | By Andy Greenberg

On Tuesday, researchers at Tel Aviv-based app security firm Checkmarx demonstrated that Tinder still lacks basic HTTPS encryption for photos. Just by being on the same Wi-Fi network as any user of Tinder's iOS or Android app, the researchers could see any photo the user did, or even inject their own images into his or her photo stream. And while other data in Tinder's apps are HTTPS-encrypted, Checkmarx found that they still leaked enough information to tell encrypted commands apart, allowing a hacker on the same network to watch every swipe left, swipe right, or match on the target's phone nearly as easily as if they were looking over the target's shoulder. The researchers suggest that lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.

On Tuesday, researchers at Tel Aviv-based app security firm Checkmarx demonstrated that Tinder still lacks basic HTTPS encryption for photos. Just by being on the same Wi-Fi network as any user of Tinder’s iOS or Android app, the researchers could see any photo the user did, or even inject their own images into his or her photo stream. And while other data in Tinder’s apps are HTTPS-encrypted, Checkmarx found that they still leaked enough information to tell encrypted commands apart, allowing a hacker on the same network to watch every swipe left, swipe right, or match on the target’s phone nearly as easily as if they were looking over the target’s shoulder. The researchers suggest that lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.


</close>