back to article Swipe fright: Tinder hackers may know how desperate you really are

A lack of security protections in Tinder's mobile app is leaving lonely hearts vulnerable to eavesdropping. That's according to security biz Checkmarx this week, which claimed Android and iOS builds of the dating app fail to properly encrypt network traffic, meaning the basic actions of peeps looking to hookup – such as swipes …

  1. O RLY

    Good advice for everyone

    "The recommendation for users is simple enough: avoid public Wi-Fi networks wherever possible."

    Not just Tinder users.

  2. Anonymous Coward
    Meh

    You don't really need to hack Tinder

    Just look at the person holding the phone. If they are male, then they will be swiping right on pretty well everyone; if female then swiping right on practically no-one. https://arxiv.org/pdf/1607.01952.pdf etc

  3. macjules

    "A spokesperson for Tinder was not available for immediate comment, but is understood to be aware of and will be addressing the security shortcomings"

    The spokesperson is also a developer? Clever people those Tinder chaps.

  4. vir

    You Don't Have To Be Lonely...At HackersOnly.com

    "The victim's profile information could also be intercepted and viewed."

    Would it be impolitic of me to observe that this is the entire point of the app?

    1. Dave 126 Silver badge

      Re: You Don't Have To Be Lonely...At HackersOnly.com

      Indeed. So, there's two ways of seeing the profile pic of local men on Tinder:

      First way: build a WiFi snooping device and leave it in a bar.

      Second way: just log into Tinder as a woman.

      Second way sounds easier - if you are a woman or have a female Facebook account. Ashley Madison this isn't.

    2. Swarthy
      Pirate

      Re: You Don't Have To Be Lonely...At HackersOnly.com

      "The victim's profile information could also be intercepted and viewed."
      I think the more pertinent (ab)use-case would be modifying the profiles/picture that are being viewed, or which profile is being requested.

      Swipe left all you want, the only profile you'll see is mine! Eventually, you'll have to swipe right.

      ..or swipe left if you want, I'll just substitute it with a right-swipe packet. (If they used fixed-size packets, who wants to bet that it's also vulnerable to a replay attack?)

  5. Mark 85

    Once more, into the breach... with boilerplate!

    "We take the security and privacy of our users seriously.

    I really wish someone in corporate PR for tech companies would just not bother to make this bit of boilerplate the first words in any release about flaws, hacks, etc. It rings rather hollow anymore.

    1. Anonymous Coward
      Meh

      Re: Once more, into the breach... with boilerplate!

      We take the security and privacy of our users seriously.

      I bet the person who first thought up that phrase wishes they had copyrighted it and charged a fee for its use. They'd be richer than Jeff Bezos.

  6. Anonymous Coward
    Anonymous Coward

    If you are using Tinder in a public place

    Surely some people will be able to see your screen and see what you're doing even if you had encrypted communications.

    Of all the things hackers who are snooping public wifi traffic might care about grabbing, I think people's Tinder habits are WAY down the list. Talk about pointless worrying!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like