Tinder App is Now Perfectly Encrypted
Jun. 30, 2018Back in January this year, popular match-making app Tinder was found to be vulnerable to attacks by hackers, who could easily steal users’ pictures over a public Wi-Fi. Although Tinder fixed the vulnerability a month later, it has nowadded better safeguards including complete encryption of datatransferred between the users’ handsets and its servers.
Tinder addressed the issue in a letter to Sen. Ron Wyden who had requested the company to encrypt photographs on the platform. Thesenator had appealed Tinder to strengthen its securityafter an Isreali startup Checkmarx demonstrated the ease of stealing users’ pictures as well as completely taking over their feed using a simple tool called “TinderDrift”.
Before Tinder fixed the issuepointed out by Checkmarx, only text-based information on the meetup app was encrypted while pictures were transferred over an insecure HTTP connection. This made stealing users’ pictures very easy. Moreover, the encryptedtext data could also be distinguished easily based on the sizeof the command. For instance,hackers could identify if you’ve swiped right or lefton a particular user, could predict matches, and snoop on other activity.
Tinder made a quick move and encrypted photos in February itself, it has now normalized the size of commands, would otherwise allow hackers to know virtually everything about users’ movements on the app, including their sexual preferences, and what they were talking about.
After encrypting images back in February, Tinder alsofixed another vulnerabilityin the app which would allow hackers to sabotage accounts of users using their phone numbers linked to their Facebook accounts. For this, Tinder and Facebook awarded the researchers of $1,250 and $5,000 respectively as a bug bounty reward for discovering the flaw.
Now that the Tinder app is perfectly sealed, you can continue to find new friends or the love of your life. You can also seek “long-term relationships” using Facebook’s yet-to-arrive dating feature, which waspromised at the F8 Conferencelast month – although we haven’t heard more about it since the announcement.
