In the News

Researchers Say Tinder’s Limited Encryption Makes It Ripe for Hackers

24 Jan 2018 | By Emily Price

Researchers at Tel Aviv-based app security firm Checkmarx recently demonstrated that Tinder lacks basic HTTPS encryption for photos. That means that if they were on the same Wi-Fi network as someone using Tinder, they would be able to see the same photos that the Tinder user does on their phone and even inject their own images into the mix as well.

Researchers at Tel Aviv-based app security firm Checkmarx recently demonstrated that Tinder lacks basic HTTPS encryption for photos. That means that if they were on the same Wi-Fi network as someone using Tinder, they would be able to see the same photos that the Tinder user does on their phone and even inject their own images into the mix as well.


</close>

Tinder flaw could expose your swipes to snoops

24 Jan 2018 | By Selena Larson

There's a basic security measure missing from Tinder's mobile dating app.

And it could let prying eyes see your potential matches, along with whether you swiped left or right, a security firm has found. The issue was discovered by researchers at the security firm Checkmarx. The company says itstems from Tinder's decision to not use HTTPS, a security protocol, to encrypt photos on its iOS and Android apps.

There’s a basic security measure missing from Tinder’s mobile dating app.

And it could let prying eyes see your potential matches, along with whether you swiped left or right, a security firm has found. The issue was discovered by researchers at the security firm Checkmarx. The company says itstems from Tinder’s decision to not use HTTPS, a security protocol, to encrypt photos on its iOS and Android apps.


</close>

Flaws in Tinder App Put Users’ Privacy at Risk, Researchers Say

23 Jan 2018 | By Bree Fowler

Be careful as you swipe left and right—someone could be watching.

Security researchers say Tinder isn’t doing enough to secure its popular dating app, putting the privacy of users at risk.

A report released Tuesday by researchers from the cybersecurity firm Checkmarx identifies two security flaws in Tinder’s iOS and Android apps. When combined, the researchers say, the vulnerabilities give hackers a way to see which profile photos a user is looking at and how he or she reacts to those images—swiping right to show interest or left to reject a chance to connect.

Be careful as you swipe left and right—someone could be watching.

Security researchers say Tinder isn’t doing enough to secure its popular dating app, putting the privacy of users at risk.

A report released Tuesday by researchers from the cybersecurity firm Checkmarx identifies two security flaws in Tinder’s iOS and Android apps. When combined, the researchers say, the vulnerabilities give hackers a way to see which profile photos a user is looking at and how he or she reacts to those images—swiping right to show interest or left to reject a chance to connect.


</close>

Snoopers could eavesdrop on Tinder photos and swipes says security company

23 Jan 2018 | By Danny Palmer

Snoopers could be able to see images downloaded by Tinder users and whether users swiped left and right on them, according to a security company.

Uncovered by researchers at application security testing company Checkmarx, the vulnerabilities are based on an the use of an HTTP connection and a predictable HTTPS response size which allows attackers to decode encryption signatures and see what action the user took on the profile of another user.

Snoopers could be able to see images downloaded by Tinder users and whether users swiped left and right on them, according to a security company.

Uncovered by researchers at application security testing company Checkmarx, the vulnerabilities are based on an the use of an HTTP connection and a predictable HTTPS response size which allows attackers to decode encryption signatures and see what action the user took on the profile of another user.


</close>

Tinder’s Lack of Encryption Lets Strangers Spy on Your Swipes

23 Jan 2018 | By Andy Greenberg

On Tuesday, researchers at Tel Aviv-based app security firm Checkmarx demonstrated that Tinder still lacks basic HTTPS encryption for photos. Just by being on the same Wi-Fi network as any user of Tinder's iOS or Android app, the researchers could see any photo the user did, or even inject their own images into his or her photo stream. And while other data in Tinder's apps are HTTPS-encrypted, Checkmarx found that they still leaked enough information to tell encrypted commands apart, allowing a hacker on the same network to watch every swipe left, swipe right, or match on the target's phone nearly as easily as if they were looking over the target's shoulder. The researchers suggest that lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.

On Tuesday, researchers at Tel Aviv-based app security firm Checkmarx demonstrated that Tinder still lacks basic HTTPS encryption for photos. Just by being on the same Wi-Fi network as any user of Tinder’s iOS or Android app, the researchers could see any photo the user did, or even inject their own images into his or her photo stream. And while other data in Tinder’s apps are HTTPS-encrypted, Checkmarx found that they still leaked enough information to tell encrypted commands apart, allowing a hacker on the same network to watch every swipe left, swipe right, or match on the target’s phone nearly as easily as if they were looking over the target’s shoulder. The researchers suggest that lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.


</close>

Are You on Tinder? Someone May Be Watching You Swipe

23 Jan 2018 | By Dafna Zahger

After undergoing the responsible disclosure procedure with Tinder’s security team, Checkmarx’s Security Research Team decided to release their research describing two major Tinder vulnerabilities.

 

Launched in 2012, Tinder is one of the first “swiping apps” allowing users to swipe through profiles to ultimately make social connections; swiping right for a profile they like, swiping left to move on to the next profile indicating lack of interest or “super liking” with an upward swipe. The application is most commonly used as a dating platform, having matched over 20 billion people to date and used in 196 countries.

After undergoing the responsible disclosure procedure with Tinder’s security team, Checkmarx’s Security Research Team decided to release their research describing two major Tinder vulnerabilities.

 

Launched in 2012, Tinder is one of the first “swiping apps” allowing users to swipe through profiles to ultimately make social connections; swiping right for a profile they like, swiping left to move on to the next profile indicating lack of interest or “super liking” with an upward swipe. The application is most commonly used as a dating platform, having matched over 20 billion people to date and used in 196 countries.


</close>

Tinder Security Bug: Encryption Flaw Exposes Photos, Swipes To Hackers

23 Jan 2018 | By AJ Dellinger

Application security testing company Checkmarx first identified the issue , which allows an attacker to decode encryption signatures in both the iOS and Android version of Tinder to see what actions a user took while viewing the profile of another user.

According to the researchers, most aspects of Tinder uses the HTTPS communications protocol, which creates a secure and encrypted tunnel that allows information to travel between the user’s device and Tinder’s servers while using the app.

Application security testing company Checkmarx first identified the issue , which allows an attacker to decode encryption signatures in both the iOS and Android version of Tinder to see what actions a user took while viewing the profile of another user.

According to the researchers, most aspects of Tinder uses the HTTPS communications protocol, which creates a secure and encrypted tunnel that allows information to travel between the user’s device and Tinder’s servers while using the app.


</close>

Tinder flaws could expose your swipes to prying eyes

23 Jan 2018 | By Swapna Krishna

Today, the security firm Checkmarx released troubling information about two vulnerabilities within Tinder, the popular dating app. The issues are present in both the iOS and Android app and allow a user on the same network to monitor what a person is doing on Tinder. Additionally, an attacker could control the pictures a user sees on Tinder; it's possible to swap them out for malicious content.

It's important to note that what a hacker could do through these flaws is relatively narrow, but it does allow a person to gain access to sensitive personal information. The issue is due to a lack of HTTPS encryption on photos; other elements of the app that do require this kind of encryption still leaked enough information to be able to monitor a user's actions.

Today, the security firm Checkmarx released troubling information about two vulnerabilities within Tinder, the popular dating app. The issues are present in both the iOS and Android app and allow a user on the same network to monitor what a person is doing on Tinder. Additionally, an attacker could control the pictures a user sees on Tinder; it’s possible to swap them out for malicious content.

It’s important to note that what a hacker could do through these flaws is relatively narrow, but it does allow a person to gain access to sensitive personal information. The issue is due to a lack of HTTPS encryption on photos; other elements of the app that do require this kind of encryption still leaked enough information to be able to monitor a user’s actions.


</close>

Tinder flaws could expose your swipes to prying eyes

23 Jan 2018 | By Swapna Krishna

Today, the security firm Checkmarx released troubling information about two vulnerabilities within Tinder, the popular dating app. The issues are present in both the iOS and Android app and allow a user on the same network to monitor what a person is doing on Tinder. Additionally, an attacker could control the pictures a user sees on Tinder; it's possible to swap them out for malicious content.

It's important to note that what a hacker could do through these flaws is relatively narrow, but it does allow a person to gain access to sensitive personal information. The issue is due to a lack of HTTPS encryption on photos; other elements of the app that do require this kind of encryption still leaked enough information to be able to monitor a user's actions.

Today, the security firm Checkmarx released troubling information about two vulnerabilities within Tinder, the popular dating app. The issues are present in both the iOS and Android app and allow a user on the same network to monitor what a person is doing on Tinder. Additionally, an attacker could control the pictures a user sees on Tinder; it’s possible to swap them out for malicious content.

It’s important to note that what a hacker could do through these flaws is relatively narrow, but it does allow a person to gain access to sensitive personal information. The issue is due to a lack of HTTPS encryption on photos; other elements of the app that do require this kind of encryption still leaked enough information to be able to monitor a user’s actions.


</close>

APP FLAWS ALLOW SNOOPS TO SPY ON TINDER USERS, RESEARCHERS SAY

23 Jan 2018 | By Christopher Kanaracus

Researchers at Checkmarx say they have discovered a pair of vulnerabilities in the Tinder Android and iOS dating applications that could allow an attacker to snoop on user activity and manipulate content, compromising user privacy and putting them at risk.

Attackers can view a user’s Tinder profile, see the profile images they view and determine the actions they take, such as swiping left or right, if they are on the same wi-fi network as a target, according to a Checkmarx report released Tuesday.

Researchers at Checkmarx say they have discovered a pair of vulnerabilities in the Tinder Android and iOS dating applications that could allow an attacker to snoop on user activity and manipulate content, compromising user privacy and putting them at risk.

Attackers can view a user’s Tinder profile, see the profile images they view and determine the actions they take, such as swiping left or right, if they are on the same wi-fi network as a target, according to a Checkmarx report released Tuesday.


</close>