It is typically advised that if you were to hook onto a public WiFi network that you probably shouldn’t conduct sensitive business matters, such as online banking, or maybe even sharing sensitive information like prototype products, and the likes. However what about casual use, like using Tinder?
Turns out even that might not be safe, thanks to the efforts of researchers from Tel Aviv-based security firm Checkmarx. According to the report from WIRED, it seems that there exists a vulnerability in the Tinder app that lets anyone connected to the same WiFi as you to potentially snoop in your Tinder photos and also see the matches that you might have made.
This is because Tinder does not use HTTPS encryption for photos, meaning that it leaves it open to potential interception where strangers can see your photos or even insert photos of their own. According to Erez Yalon, Checkmarx’s manager of application security research, “We can simulate exactly what the user sees on his or her screen. You know everything: What they’re doing, what their sexual preferences are, a lot of information.”
The researchers have even put together a demo called TinderDrift that shows off what the hack could do by reconstructing a user’s entire Tinder session. In response to the vulnerability being exposed, the company issued a statement which reads, “We are working towards encrypting images on our app experience as well. However, we do not go into any further detail on the specific security tools we use, or enhancements we may implement to avoid tipping off would be hackers.”