Israeli security firm discovers Tinder defect could expose users' actions on app

Researchers from an Israeli security firm discovered that when Tinder users are connected to a shared Wi-Fi network, they are able to see other users' pictures and actions. The security firm stated that Tinder still has not fixed the encryption flaw.
Photo Credit: Screenshot from Israel News Company

Israeli data security firm Checkmarx discovered a serious security flaw in Tinder, the popular dating app. Researchers from the Ramat Gan-based firm noticed that Tinder for both iOS and Android does not have the basic encryption components for photographs found in most apps, such as WhatsApp or Telegram.

According to the Israeli researchers, Tinder users connected to the same Wi-Fi network are able to see any picture the other user has seen or even replace the other user’s profile pictures. Although most other user information is highly protected, the researchers also found that hackers can see users’ every swipe.

Checkmarx Product Marketing Department Director Amit Ashbel said that the data security firm contacted Tinder regarding the issue, but the dating app still has not fixed the security flaw. “You’re using an app you think is private, but you actually have someone standing over your shoulder looking at everything,” Ashbel said. “The only way to prevent the breach is not to connect to an open or unknown network.” Tinder released the following statement: “Like every other technology company, we are constantly improving our defenses in the battle against malicious hackers. For example, our desktop and mobile web platforms already encrypt profile images, and we are working towards encrypting images on our app experience as well. However, we do not go into any further detail on the specific security tools we use or enhancements we may implement to avoid tipping off would-be hackers.”

Click here to JerusalemOnline homepage