Tinder, the ever-popular dating app, has come under the scrutiny of Checkmarx, a cybersecurity and application testing company. Their research suggests that hackers could potentially view the images downloaded by Tinder users, as well as the actions taken on each profile, such as swiping left or right.
Here’s how the vulnerability works:
By combining the unencrypted HTTP connection with a predictable HTTPS response size, a hacker gains the ability to work out the profile actions of a specific user. Even though Tinder uses the more secure HTTPS protocol for data transfer, it uses the plain HTTP protocol when handling images.
Erez Yalon from Checkmarx believes this is unacceptable in 2018.
Luckily, the exploit seems to be tied to local networks only, such as public Wi-Fi spots. This is the only place where the personal data associated with your Tinder profile could be at risk. If you do become a victim, however, even your images could potentially be altered by a hacker intercepting the traffic.
According to Yalon, a hacker could, for example, replace your images with ads, or change them in another malicious manner. The data regarding which images you’ve viewed is also at risk, along with the action you’ve decided to take on each one: in simpler terms, whether you’ve ‘liked’ another person’s profile or not.
The good news is that researchers haven’t found any trace of the exploit being used. However, for the time being, it’s probably best to avoid using Tinder on a public network in order to protect your personal privacy.
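On the server side, the predictable HTTPS response size described above can be removed by padding every response to the same length. The sketch below is an added example, not code from Tinder or Checkmarx; the action names, response bodies and the `_pad` field are constructed assumptions.

```python
import json
import secrets
import string

# Constructed sample responses: the action names, fields and values are
# assumptions for illustration, not Tinder's real API.
RESPONSES = {
    "pass": {"status": 200},
    "like": {"status": 200, "match": False, "likes_remaining": 100},
    "superlike": {"status": 200, "match": False,
                  "super_likes": {"remaining": 4, "resets_in_s": 43200}},
}
BUCKET = 256  # every body is padded up to a multiple of this many bytes
ALPHABET = string.ascii_letters + string.digits  # needs no JSON escaping


def encode(body):
    """Compact JSON encoding, as the body would be sent before TLS."""
    return json.dumps(body, separators=(",", ":")).encode("ascii")


def encode_padded(body, bucket=BUCKET):
    """Append a random "_pad" field so the length is a multiple of bucket."""
    base = len(encode({**body, "_pad": ""}))   # size with an empty filler
    target = -(-base // bucket) * bucket        # round up to the next bucket
    filler = "".join(secrets.choice(ALPHABET) for _ in range(target - base))
    return encode({**body, "_pad": filler})


def decode(raw):
    """Client side: parse the body and drop the filler field."""
    body = json.loads(raw)
    body.pop("_pad", None)
    return body


def observed_sizes(encoder):
    """Body length per action. With AEAD cipher suites a TLS record is the
    plaintext length plus a fixed overhead, so these differences survive
    encryption and are visible to a passive observer on the network."""
    return {action: len(encoder(body)) for action, body in RESPONSES.items()}


def leaks_action(sizes):
    """True when response size alone separates at least two actions."""
    return len(set(sizes.values())) > 1


if __name__ == "__main__":
    print("unpadded:", observed_sizes(encode), leaks_action(observed_sizes(encode)))
    print("padded:  ", observed_sizes(encode_padded), leaks_action(observed_sizes(encode_padded)))
```

Padding only hides the action if the images are also served over HTTPS, since plain HTTP image requests still show which profile is on screen.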