Israeli Cybersecurity Firm Finds Cracks in Tinder’s Security, Leaving You Potentially Exposed

Researchers at Israel-based tech firm Checkmarx found that a lack of basic protection leaves users open to threats of blackmail

File: A Tinder profile on an iPhone 6. Israeli tech firm finds the dating app lacks standard encryption, leaving users exposed.
\ ROBERT SCHLESINGER / Picture-Al

Israeli app security firm Checkmarx has uncovered a number of privacy faults in the popular dating application Tinder, whereby potential hackers are able to access users' photos, swipes and matches.
 
Checkmarx found that while the application is mostly encrypted, the images uploaded by users were not, and users' swipe history was only weakly encrypted.

The Tel Aviv-based firm found that the privacy issues, stemming for a lack standard HTTPS encryption, was present in both the Android and iOS versions of the app.
 
Checkmarx's researchers noted that the lack of protection could leave user's open to threats of blackmail. The company said they had informed Tinder of their privacy faults in November, but the application has yet to close the encryption loopholes.

"The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app.

"It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research)," their website explained.

"Knowing an ill-disposed attacker can view and document your every move on Tinder, who you like, or who you decide to chat with is definitely disturbing," the blog post said.