Dating Fraud Warning Re-Issued
Male fraudsters are setting up profiles of women on dating sites to attract and manipulate vulnerable victims.
Researchers suggest the lack of protection allows for anything from simple nosiness to complex blackmail schemes.
The dating app Tinder has been found to have two major vulnerabilities which, if exploited, could allow others to monitor a user’s every move on the app.
Just by being on the same Wi-Fi network as any user of Tinder's iOS or Android app, security researchers could see every photo the user saw, or even inject their own images into his or her photo stream. The replacement images could easily be of an inappropriate nature, contain rogue advertising or other types of malicious content.
Tinder allows users to swipe through dating profiles of people in their immediate area: swiping right for a person they like, left if they lack interest and up if they “Super Like” someone. If someone likes them back, the next step is chat-messaging on the app. So far, the app has created more than 20 billion matches in 196 countries.
Aside from the potential advertising fraud and malware issues, the vulnerabilities, found in both the Android and iOS versions of the app, allow an attacker to stalk and blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.
The researchers suggest that this lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.
Checkmarx said that it has disclosed the vulnerabilities to Tinder.