The dating app Tinder has been found to have two major vulnerabilities which, if exploited, could allow others to monitor a user’s every move on the app.
Just by being on the same Wi-Fi network as any user of Tinder's iOS or Android app, security researchers could see any photo the user viewed, or even inject their own images into the user's photo stream. The replacement images could easily be of an inappropriate nature, or contain rogue advertising or other types of malicious content.
Tinder allows users to swipe through dating profiles of people in their immediate area: swiping right for a person they like, left if they lack interest and up if they “Super Like” someone. If someone likes them back, the next step is chat-messaging on the app. So far, the app has created more than 20 billion matches in 196 countries.
Aside from the potential advertising fraud and malware issues, the vulnerabilities, found in both the Android and iOS versions of the app, allow an attacker to stalk and blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.
The researchers suggest that this lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.
- Keep your device software up to date
- Make sure you have the latest versions of any app on your devices
- Use websites that show HTTPS in the address bar when entering any personal details online
- If possible, download anti-virus software to your devices
- If you are concerned about this Tinder flaw, use your 3G/4G data rather than public Wi-Fi while on Tinder when out and about
Checkmarx said that it has disclosed the vulnerabilities to Tinder.