Checkmarx, an app security company, came forward with a report showing weak spots in Tinder’s encryption. These weak spots pave the way for hackers to monitor and tamper with millions of Tinder profiles.
These Tinder hackers can infiltrate and examine any user’s photos by hooking up to the same Wi-Fi network that the user is on. They then use a “packet sniffer”, which allows the photo packets to be downloaded and sifted through. Because Tinder doesn’t use HTTPS encryption for users’ photos, it’s almost like the hackers are able to come through an unlocked front door.
Since pictures on Tinder are open to the public anyway, the information gathered from these images is usually minimal. The spies are essentially viewing your profile without the option to swipe. The thing that makes this scary is the breach of privacy; the fact that someone is out there viewing your pictures with the intent to harm provides a strong sense of unease.
In Tinder’s defense, they do have HTTPS encryption for things like swiping left or right. But Checkmarx snooped through the app and tinkered a little, and in the end, found a way that hackers could still see through the encryption. After you swipe in Tinder, data is sent over your connected Wi-Fi network in a neat little packet. Thanks to the HTTPS encryption, spies (in theory) would be unable to see what it means. But by the process of elimination, hackers know that there are three different types of swipes: left, right, and super like, each of which always comes out at the same file size. This makes the action crystal clear to spies, almost as if they were watching you perform the action over your shoulder.
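HTTPS hides what a packet says but not how long it is, which is why a fixed size per swipe type gives the action away. The sketch below is an added example, not code from Checkmarx or Tinder: it pads every swipe request to one fixed length so all three look identical on the wire. The request bodies, field names, bucket size and the simplified TLS 1.3 overhead model are assumptions made for illustration.

```python
import json

TLS_OVERHEAD = 22   # TLS 1.3 AES-GCM record: 5-byte header + 1 type byte + 16-byte tag
BUCKET = 128        # assumed padding bucket; every body is padded up to a multiple of it

# Constructed sample bodies (hypothetical field names, not Tinder's real API).
SWIPES = {
    "left": {"swipe": "left", "target": "u123"},
    "right": {"swipe": "right", "target": "u123"},
    "super": {"swipe": "super_like", "target": "u123"},
}

def encode(body: dict) -> bytes:
    """Serialize a request body compactly, as a client would before sending."""
    return json.dumps(body, separators=(",", ":")).encode()

def pad(raw: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix a 2-byte length, then zero-fill up to the next bucket boundary."""
    framed = len(raw).to_bytes(2, "big") + raw   # bodies over 65535 bytes are rejected
    padded_len = -(-len(framed) // bucket) * bucket
    return framed + b"\x00" * (padded_len - len(framed))

def unpad(padded: bytes) -> bytes:
    """Server side: recover the original body and reject an impossible length."""
    n = int.from_bytes(padded[:2], "big")
    if len(padded) < 2 or n > len(padded) - 2:
        raise ValueError("bad padding length")
    return padded[2:2 + n]

def wire_sizes(padded: bool) -> dict:
    """Size an on-path observer sees for each swipe type (simplified model)."""
    sizes = {}
    for name, body in SWIPES.items():
        raw = encode(body)
        sizes[name] = len(pad(raw) if padded else raw) + TLS_OVERHEAD
    return sizes

def leaks(sizes: dict) -> bool:
    """True if the observed sizes differ, i.e. length alone reveals the action."""
    return len(set(sizes.values())) > 1

if __name__ == "__main__":
    print("unpadded:", wire_sizes(False), "leaks:", leaks(wire_sizes(False)))
    print("padded:  ", wire_sizes(True), "leaks:", leaks(wire_sizes(True)))
```

The responses would need the same treatment, since a reply whose size varies by action leaks just as much as the request.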
To top it all off, hackers are not only viewing your every move. They can also add and delete their own choice of photos in your photostream.
Depending on the hacker, these nonconsensual images could range from cyber-pranking to cyberterrorism, all while giving the impression that you were the one to upload such images. Hackers are also using this breach as blackmail, essentially holding the user’s account hostage until they get what they asked for.
Checkmarx brought the weak spots to Tinder’s attention last November but claimed that Tinder has taken no steps to fix the problem.
In a recent public statement, a spokesperson from Tinder declared that they are working to fix the encryption on images, but did not go into more detail for fear of exposing the new tools they are implementing to even more hackers.
For now, make sure you’re always secure at home, connected to your own Wi-Fi network when you decide to swipe.