Security Privacy

Tinder's Lack of Encryption Lets Strangers Spy on Your Swipes (wired.com) 49

Tinder's mobile apps still lack the standard encryption necessary to keep your photos, swipes, and matches hidden from snoops, a security firm reports. From Wired: On Tuesday, researchers at Tel Aviv-based app security firm Checkmarx demonstrated that Tinder still lacks basic HTTPS encryption for photos. Just by being on the same Wi-Fi network as any user of Tinder's iOS or Android app, the researchers could see any photo the user did, or even inject their own images into his or her photo stream. And while other data in Tinder's apps are HTTPS-encrypted, Checkmarx found that they still leaked enough information to tell encrypted commands apart, allowing a hacker on the same network to watch every swipe left, swipe right, or match on the target's phone nearly as easily as if they were looking over the target's shoulder. The researchers suggest that lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.
  • Checkmarx found that they still leaked enough information to tell encrypted commands apart, allowing a hacker on the same network to watch every swipe left, swipe right, or match on the target's phone nearly as easily as if they were looking over the target's shoulder.

    When different user actions result in widely different application behavior, it will always be easy to infer the user action. E.g., if matching is the only action that does not result in a new profile being presented, then observation of the smaller data exchange will lead to that inference.

    The only way to avoid this is to make the network traffic identical for all cases, which is extremely wasteful of bandwidth and, presumably, battery life.

    That said, encryption of all data should be standard now. There is

    • by zifn4b ( 1040588 )

      Using Tinder at Starbucks, not wise. Not setting up a guest WIFI network at your house, not wise. Leave your front door open and put a sign in the middle of it that says "Please come and steal all my shit", not wise.

      I would actually love to see the United States devolve back to 19th Century homestead life just to watch Millennials be completely clueless about how to survive. What are they going to do to protect their homestead from bandits and brigands, have an academic discussion with them about empat

      • Why do people miss violence and murder?
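The size-inference point raised in the first comment above (each action produces a differently sized encrypted exchange, and making traffic uniform costs bandwidth), shown as an added example that is not part of the original thread or of Checkmarx's research. The response sizes, the usage mix and the 22-byte per-record overhead are constructed assumptions, not measurements of any real app.

```python
# Encryption hides content, not length. This models what an on-path observer
# sees for three responses, and what bucket padding changes and costs.
# All sizes are constructed for illustration.

# Hypothetical plaintext response size in bytes for each user action.
ACTION_SIZES = {"swipe_left": 310, "swipe_right": 420, "match": 650}
# Hypothetical usage mix: how many of each action occur in 100 actions.
USAGE_MIX = {"swipe_left": 70, "swipe_right": 25, "match": 5}
# Assumed fixed per-record cost added by the encrypted transport.
RECORD_OVERHEAD = 22


def observed_length(plaintext_len, bucket=None):
    """Ciphertext length visible on the wire for one response."""
    if bucket is not None:
        # Pad the plaintext up to the next multiple of `bucket` bytes.
        plaintext_len = -(-plaintext_len // bucket) * bucket
    return plaintext_len + RECORD_OVERHEAD


def anonymity_sets(bucket=None):
    """Map each observable length to the actions that could have caused it.

    A set containing a single action means that action is identifiable
    from length alone, even though the payload is encrypted.
    """
    sets = {}
    for action, size in ACTION_SIZES.items():
        sets.setdefault(observed_length(size, bucket), []).append(action)
    return sets


def overhead_ratio(bucket=None):
    """Bytes sent with padding divided by bytes sent without, over USAGE_MIX."""
    padded = sum(n * observed_length(ACTION_SIZES[a], bucket)
                 for a, n in USAGE_MIX.items())
    raw = sum(n * observed_length(ACTION_SIZES[a])
              for a, n in USAGE_MIX.items())
    return padded / raw


if __name__ == "__main__":
    for bucket in (None, 512, 1024):
        print(bucket, anonymity_sets(bucket), round(overhead_ratio(bucket), 2))
```

With these constructed sizes, 512-byte buckets merge the two swipe directions but leave a match distinguishable, while 1024-byte buckets make all three identical at close to three times the traffic.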

  • better: (Score:5, Funny)

    by supernova87a ( 532540 ) <kepler1NO@SPAMhotmail.com> on Tuesday January 23, 2018 @12:24PM (#55986295)
    Maybe if you've got a stalker watching who you swipe on Tinder, you should ask him/her out on a date instead? Problem solved.
  • by 140Mandak262Jamuna ( 970587 ) on Tuesday January 23, 2018 @12:46PM (#55986507) Journal
    Come on, these people are hooking up with strangers, and they will be concerned about security?
  • by Anonymous Coward

    This seems like some really shoddy and/or lazy development. More than this particular issue it makes you wonder what other shortcuts or sloppy development they have hiding in their app?

  • Social media makes your personal information public! Film at 11! Another amazingly intellectually stimulating contribution by msmash! It's a HOOK UP app for one night stands for crying out loud!
  • Imagine a 'mess with Tinder' app that sits on your phone, and allows you to inject images of your choice into the stream of anyone using the same local connection.

    • It'd be kinda funny if all tinder profiles in a coffee shop were suddenly pictures of the barista.

      • You've made me think of something MORE evil - hijacking Tinder to sell coffee.

        What if every other profile served up on your phone was a menu item???

  • I don't get it.

    To be usable the Tinder app requires you to post pictures of yourself, presumably looking as attractive as possible in some way, and a come-on line and a few personal details such as what gender you are and what gender you are looking for. Anybody can view all that.

    So after exposing all that what you swipe on is supposed to be a "risk" of some kind? Seems to me that ship already sailed.

    • My thoughts exactly. Blackmail? really? Maybe if the person is married they can be blackmailed but the chance is greater that their wife/husband's friend is on Tinder and spots them and just rats them out.
  • Possibility #1: You care about privacy. If you actually care about privacy you are already routing all of your internet traffic through a no-logging VPN paid for through an anonymous crypto-currency wallet. Result: this problem doesn't affect you because all your traffic to the VPN provider is encrypted anyway.

    Possibility #2: You don't care about privacy. Result: this also doesn't affect you because you don't care anyway.

    Conclusion: non-issue.
  • This random stranger is able to see me trying to hook up with random strangers! This security vulnerability leaves me open to being seen by a total stranger, but not necessarily one of the ones I want to be seen by, as far as I know, since they are all strangers.