Are you on Tinder? How confident are you about your privacy online?
In a series of disturbing findings, the Security Research Team of Checkmarx has discovered vulnerabilities in Tinder, a widely used dating platform. In the report made by the team, it was found out that a malicious attacker can use these vulnerabilities to their advantage to steal private information from the unsuspecting Tinder users.
Considered one of the first generations of swiping apps, Tinder was launched in 2012. Used as a popular online dating platform, it allows the users to easily navigate by swiping through user profiles in order to establish social connections. With the app, a user can swipe right for a Tinder profile that they like or swipe left to browse through the next user’s profiles. Today, Tinder is widely used in 196 countries and based on their site information, they have made over 20 billion matches.
Tinder Vulnerabilities – What You Should Know
After going through the responsible disclosure procedure together with the security team of Tinder, Checkmarx has published its research discussing the two major vulnerabilities that they have found in Tinder.
Present in both the iOS and Android Tinder app versions, the vulnerabilities enable a malicious attacker to use the same network that the users are using, in order to ‘spy’ on every app activities and moves of the user. The research also uncovers how it is possible for the attacker to gain control over the profile pictures that a user can see. Attackers can swap them with lewd or inappropriate content, fraud advertisements, and other malicious contents.
At this point, credential theft has yet to be determined. There is still no known direct financial impact identified yet in the process. Still, it remains a possibility that the malicious hacker can easily prey on the unsuspecting users and use whatever information they can find to blackmail the user. Attackers can potentially threaten the victims of having their highly confidential account information and activities in Tinder be exposed. And, of course, who would want their private information leaked online?
The security research made by Checkmarx has helped shade some light on the importance of privacy. In this era, dominated by various social media platforms, it seems as though some people are getting accustomed to the lack of privacy. Users are becoming lax about protecting their private information.
But the thing is, Tinder should be as private as it is supposed to be. Isn’t it disturbing to know that someone can spy on you and monitor your every move in Tinder? That someone can make a record of who you liked and chatted with? Yet, are these reasons enough to simply quit on Tinder? Where can the users draw the line when it comes to compromising their private information?
Needless to say, Tinder and other social apps like EA games and Uber should optimize their effort in making sure their application security is strong and impenetrable. The upcoming EU GDPR hopefully, can create a positive impact when it comes to application security. Until then, users should be extra careful and mindful to ensure their privacy is never compromised online.