24 Jan Hackers Can Intercept Tinder Photos and Swipes, Says Security Company
Security testing company Checkmarx recently revealed that a vulnerability on Tinder that could allow hackers to snoop on a user’s photos and swipe activities.
The bug, which is based on an HTTP connection and a predictable HTTPS response size, enables attackers to decode encryption signatures. Erez Yalon of Checkmarx further revealed that although Tinder uses HTTPS to transfer data, it still uses HTTP to send images. This means an attacker on the same network, such as a public wifi hotspot can see the user’s profile and even alter the images if they choose to act maliciously.
Checkmarx had already reported and made recommendations on the bug to Tinder, who said that they are constantly working to improve their security measures, but will not go into detail about the tools and enhancements that they have implemented.
Source: ZDNet