Vulnerabilities let people see your Tinder swipes and photos

Share this news!

Think twice about using Tinder on public Wi-Fi. A security firm says the dating app uses insecure encryption that could let hackers snoop on your activity.

 

You might want to swipe left on Tinder’s security.

Researchers at Checkmarx, which helps developers test the security of their applications, said in a blog post Tuesday that the popular dating app has a couple of vulnerabilities. The flaws could let an attacker on the same Wi-Fi network you’re using see what profile photos you’re looking at and whether you swipe right or left, Checkmarx said. That’s because profile pictures on Tinder use HTTP instead of HTTPS, the encrypted protocol that more than half the internet uses to protect data from prying eyes.

 

If you’re unfamiliar with Tinder, more than 50 million people use it to find dates based on photos, swiping left to reject a prospect or right to express interest. The researchers said they found these flaws in both the Android and iOS versions of Tinder. Tinder didn’t respond to a request for comment.

 

Because Tinder’s profile pictures use the insecure and outdated HTTP connection, an attacker on the same network could spy on the internet traffic and view the images. The hacker would even be able to replace the pictures without the victim knowing, Checkmarx said.

 

Photo: CNET / News Source: CNET