Researchers at Checkmarx, a firm which assists developers in security testing, have identified problems with Tinder’s user security.
A Tuesday blog post entitled ‘Are You on Tinder? Someone May Be Watching You Swipe’ describes “disturbing vulnerabilities” on the platform.
An attacker on the same Wi-Fi network as a user would be able to see which photos were swiped on because of insecure HTTP protocols.
HTTPS, the more secure and encrypted version of HTTP, would be a better option for programmers looking to allay privacy concerns.
The HTTP vulnerability was found on both iOS and Android versions of the app.
One malicious way hackers could exploit the weakness would be to edit the images a user sees, potentially replacing them with adverts.
A second weakness saw files on likes and Super Likes easily identifiable by their size – although the data is encrypted, it is still straightforward to see which file represents which action.
cnet.com reports that “The security firm disclosed the vulnerabilities to Tinder several months ago and they haven’t been fixed yet, so Checkmarx decided to make them public.”
The video below demonstrates how a hacker might exploit Tinder’s security flaws: