Tinder’s Lack Of ‘Basic’ Encryption Enables Wi-Fi Spies

Security researchers have demonstrated that despite containing personal information, the popular dating app Tinder isn’t nearly where it should be in terms of encryption — and snoops on the same Wi-Fi network could see exactly what you’re seeing as you swipe.


The revelations were provided by Tel Aviv-based security firm Checkmarx, and reported by Wired. The researchers demonstrated that “by being on the same Wi-Fi network as any user of Tinder’s iOS or Android app, the researchers could see any photo the user did, or even inject their own images into his or her photo stream.”

Those photos were found to lack HTTPS encryption, but even the HTTPS-encrypted data on Tinder’s apps could be differentiated, so a hacker could conceivably tell if a Tinder user is swiping left or right on their phone, or if they’ve gotten a match.

Checkmarx demonstrated the vulnerabilities with TinderDrift — proof-of-concept software that it designed. The program exploits the Tinder app’s lack of HTTPS encryption. The security researchers told Wired they contacted Tinder about the issue in November, but the problems still remain.

Taking Precautions

Tinder told Wired it is “constantly improving” defenses against malicious hackers. A Tinder spokesperson noted that profile photos are already public, and the web-based version features more robust HTTPS encryption. However, it seems certain that most Tinder users primarily use the app as their way of navigating the service.

While there undoubtedly aren’t Tinder hackers around every corner of your neighborhood, it still might pay to take a few extra precautions if you want to keep your swiping private. Using the Tinder app on your home Wi-Fi network seems like the best solution for now. Try to avoid swiping on public Wi-Fi networks, especially in crowded areas.

One would expect Tinder to fix this flaw as soon as possible now that it’s gone public, but as Checkmarx’s Erez Yalon said, “There’s really no excuse for using HTTP these days.”

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before that, he worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com, along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology, including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park landed Phil his first job at the Beaver County Times, which has led to over 15 years of experience as a journalist.