Back in January this year, popular match-making app Tinder was found to be vulnerable to attacks by hackers, who could easily steal users’ pictures over public Wi-Fi. Although Tinder fixed the vulnerability a month later, it has now added better safeguards, including complete encryption of data transferred between users’ handsets and its servers.
Tinder addressed the issue in a letter to Sen. Ron Wyden, who had asked the company to encrypt photographs on the platform. The senator had urged Tinder to strengthen its security after Israeli startup Checkmarx demonstrated the ease of stealing users’ pictures, as well as completely taking over their feed, using a simple tool called “TinderDrift”.
Before Tinder fixed the issue pointed out by Checkmarx, only text-based information on the meetup app was encrypted while pictures were transferred over an insecure HTTP connection. This made stealing users’ pictures very easy. Moreover, the encrypted text data could also be distinguished easily based on the size of the command. For instance, hackers could identify if you’ve swiped right or left on a particular user, could predict matches, and snoop on other activity.
Tinder moved quickly and encrypted photos in February itself. It has now also normalized the size of commands, which would otherwise allow hackers to learn virtually everything about users’ movements on the app, including their sexual preferences and what they were talking about.
After encrypting images back in February, Tinder also fixed another vulnerability in the app which would allow hackers to sabotage users’ accounts using the phone numbers linked to their Facebook accounts. For this, Tinder and Facebook awarded the researchers $1,250 and $5,000 respectively as bug bounty rewards for discovering the flaw.
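The size side channel and its fix, sketched as an added example (not Tinder's or Checkmarx's code): encryption hides content but not length, so responses of different sizes stay distinguishable until they are padded to a common size. The message bodies, the 512-byte bucket and the 16-byte AEAD overhead are assumptions constructed for illustration.

```python
import json
import struct

AEAD_OVERHEAD = 16  # assumption: fixed tag size; ciphertext length = plaintext length + 16
BUCKET = 512        # assumption: padded record size chosen for this example

# Constructed sample responses, not Tinder's real message formats.
SAMPLE_RESPONSES = {
    "pass": {"status": 200},
    "like": {"status": 200, "match": False, "likes_remaining": 100},
    "match": {"status": 200, "match": {"id": "constructed-id", "participants": ["a", "b"]}},
}

def encode(msg):
    return json.dumps(msg, separators=(",", ":")).encode()

def pad(body, bucket=BUCKET):
    """Prefix the body with its length, then zero-fill to the next multiple of bucket."""
    framed = struct.pack(">I", len(body)) + body
    padded_len = -(-len(framed) // bucket) * bucket  # ceiling division
    return framed.ljust(padded_len, b"\x00")

def unpad(padded):
    """Recover the original body; reject a length prefix that overruns the record."""
    if len(padded) < 4:
        raise ValueError("record too short")
    (n,) = struct.unpack(">I", padded[:4])
    if n > len(padded) - 4:
        raise ValueError("length prefix exceeds record size")
    return padded[4:4 + n]

def wire_sizes(padded):
    """Sizes visible on the network for each response, with or without padding."""
    sizes = {}
    for action, msg in SAMPLE_RESPONSES.items():
        body = encode(msg)
        sizes[action] = len(pad(body) if padded else body) + AEAD_OVERHEAD
    return sizes

def candidates(size, sizes):
    """Actions consistent with one observed size; a single entry means the size leaks it."""
    return sorted(a for a, s in sizes.items() if s == size)

if __name__ == "__main__":
    for label, padded in (("unpadded", False), ("padded", True)):
        sizes = wire_sizes(padded)
        print(label, sizes, "-> 'like' looks like:", candidates(sizes["like"], sizes))
```

A body longer than `BUCKET - 4` bytes spills into the next bucket and becomes distinguishable again, so the bucket has to be sized for the largest message it is meant to hide.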
Now that the Tinder app is perfectly sealed, you can continue to find new friends or the love of your life. You can also seek “long-term relationships” using Facebook’s yet-to-arrive dating feature, which was promised at the F8 Conference last month – although we haven’t heard more about it since the announcement.