Tinder has beefed up security in its popular “dating” app due to a letter from Oregon Senator Ron Wyden asking for the app to fix security loopholes and other privacy and data incursions.
Match Group, which owns Tinder, has responded to Senator Wyden by documenting recent changes to the app as of June 19th. Jaren Sine of Match writes that “swipe data has been padded such that all actions are now the same size.” Other issues on Tinder were called out by a research team at Checkmarx stating that it had “disturbing vulnerabilities” and the possibility of privacy invasion and blackmail.
The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research).
While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.
In February, Wyden addressed the issue and requested Tinder to pad data to obscure it as it moves from server to app and vice versa. Tinder has hardened security in response to Sen. Wyden. Sine states in a letter to Sen. Wyden:
“Like every technology company, we are constantly working to improve our defenses in the battle against malicious hackers and cyber criminals.”
Tinder is now safer to use, but that never means full privacy. At least they’re making strides to a more protected platform.
