Tinder fans have been warned about a Security flaw that lets hackers see who you’re swiping left and right on, and even change pictures on your profile.
Tinder is one of the world’s most popular dating apps, used by tens of millions of people each month on iOS and Android smartphones.
Tinder users swipe 1.6billion times each day trying to find the perfect match, and the app is used in 196 different countries.
But Tinder fans need to be aware of security flaws which could let complete stranger see every swipe and match you make in the app.
Researchers from Checkmarx discovered the “disturbing” vulnerabilities that affects both the iOS and Android versions of the dating app.
The flaws allow an attacker using the same Wi-Fi network as the user to monitor their every move on Tinder.
The first flaw is a result of the Tinder lacking HTTPS encryption for photos, opening the door for hackers to see pictures users are scrolling through.
The second security flaw lets hackers see data patterns for specific actions, such as swiping left and right.
By studying this data cyber criminals can see who users are matching with, monitoring “the user’s every move on the app”.
Checkmarx said hackers exploiting these vulnerabilities could change Tinder users pictures to inappropriate content.
Alternatively, they could use the private information from the user’s Tinder profile to target and blackmail them.
In a blog post outlining the security flaws, Checkmarx said: “The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app.
“It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research).
“While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.”
Checkmarx added that the Tinder security flaws will not expose messages that users send to one another after they’ve been matched.
The Tel Aviv-based security firm also build a proof-of-concept software called TinderDrift to demonstrate the vulnerabilities.
They ran it on a laptop connected to a Wi-Fi network which other Tinder users were connected to, and it automatically reconstructed their entire session.
