Researchers find Tinder is a steaming hot … security mess
Months after a journalist found that online dating app Tinder gathered staggering amounts of information about users, security researchers have discovered that at least some of that information could be easily stolen due to inadequate security used by the app.
The claim comes today from the Checkmarx Ltd. security team, which discovered what it describes as “disturbing vulnerabilities in a highly popular dating application used by people across the globe.” The problem lies in how Tinder handles data on the app: it fails to use HTTPS encryption for photos, meaning that potentially any photo on the app could be stolen and even additional photos injected into the app.
“The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app,” the researchers explained. “It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content.”
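The exposure described above comes down to one observable property: media requests leaving the app over plain `http://` rather than `https://`. The following audit script is an added example, not code from Checkmarx or from Tinder; it parses a constructed request log (the log format, the `example.invalid` hosts and the function names are all assumptions made for the demonstration), flags every cleartext request, counts how many of them are image fetches of the kind an on-path observer could read or replace, and shows the minimal fix of rewriting those URLs to HTTPS.

```python
import re
from urllib.parse import urlparse, urlunparse

# Constructed sample of an app-side request log (not real Tinder traffic).
# Columns: timestamp, method, URL, status, content-type, bytes
SAMPLE_LOG = """\
2018-01-23T10:15:02Z GET http://photos.example.invalid/users/1001/a.jpg 200 image/jpeg 48213
2018-01-23T10:15:02Z GET http://photos.example.invalid/users/1001/b.jpg 200 image/jpeg 51907
2018-01-23T10:15:03Z POST https://api.example.invalid/like/1001 200 application/json 18
2018-01-23T10:15:05Z GET https://cdn.example.invalid/avatars/2002.png 200 image/png 30022
2018-01-23T10:15:06Z GET http://api.example.invalid/profile/2002 200 application/json 912
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})\s+"
    r"(?P<ctype>\S+)\s+(?P<bytes>\d+)$"
)


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped so one bad
    line does not abort the whole audit."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["status"] = int(d["status"])
        d["bytes"] = int(d["bytes"])
        entries.append(d)
    return entries


def is_cleartext(url):
    """True when the request would travel without TLS."""
    return urlparse(url).scheme.lower() == "http"


def find_cleartext_requests(entries):
    """Return every request sent without TLS. Image fetches are flagged
    separately because those are the photos an on-path observer could
    read or swap, which is the problem the researchers reported."""
    findings = []
    for e in entries:
        if not is_cleartext(e["url"]):
            continue
        findings.append({
            "url": e["url"],
            "content_type": e["ctype"],
            "is_image": e["ctype"].startswith("image/"),
        })
    return findings


def upgrade_to_https(url):
    """Mitigation: rewrite a cleartext URL to https. This only changes the
    scheme; that the host really serves TLS must be verified separately."""
    p = urlparse(url)
    if p.scheme.lower() != "http":
        return url
    return urlunparse(p._replace(scheme="https"))


def audit(text):
    """Summarise a log: how many requests, how many cleartext, how many of
    those were images, and what the fixed URLs would be."""
    entries = parse_log(text)
    findings = find_cleartext_requests(entries)
    return {
        "total": len(entries),
        "cleartext": len(findings),
        "cleartext_images": sum(1 for f in findings if f["is_image"]),
        "fixed_urls": [upgrade_to_https(f["url"]) for f in findings],
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print(f"{report['cleartext']} of {report['total']} requests were cleartext, "
          f"{report['cleartext_images']} of them images")
    for u in report["fixed_urls"]:
        print("  ->", u)
```

Rewriting URLs is the application-side half of the fix; the platform-side half is to refuse cleartext traffic altogether (on Android, through the network security configuration's cleartext setting; on iOS, through App Transport Security), so that a regression like the one reported here fails at runtime instead of silently leaking photos.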
The research goes on to note that though no credential theft or immediate financial impact is involved in the initial process, the data stolen could result in an attacker blackmailing a vulnerable user.
The lack of properly secure photo transmission raises questions as to how much a user is willing to ignore security vulnerabilities on a given app. “Knowing an ill-disposed attacker can view and document your every move on Tinder, who you like, or who you decide to chat with is definitely disturbing,” the researchers add. “But, is it enough to have you abandon the app altogether? Most apps nowadays seem to be vulnerable so what’s the alternative? Is it at the smallest compromise of our privacy or do we shrug it off until sensitive data is stolen?”
Checkmarx believes that Tinder should encrypt all of its photos as soon as possible and should also add extra code to the app’s commands so that they are indecipherable to anyone who gains access to them.
Photo: gabrielesteffan/Flickr