Consumers in the internet of things (IoT) age use web-connected devices and apps for everything, including dating. Consider Tinder, the matchmaking app built on the concept of the swipe.
Romance seekers “swipe right” to indicate interest but can only chat with the person they “like” if that user also swipes right on them. And there are millions of would-be daters: Tinder is available in 40 languages and used in 196 countries, having boomed in popularity as online dating taboos have diminished and couples aren’t as hesitant as in internet dating’s early days to admit they “met” on Tinder.
All that sounds fine—except that hackers have caught on too, according to a study by app security testing company Checkmarx. And that’s bad news for anyone on Tinder who’d prefer to keep their swiping habits secret.
According to the report, hackers can exploit two vulnerabilities in the Android and iOS versions of the Tinder app to spy on users. The vulnerabilities allow hackers to see users’ profiles and the profiles they view and swipe on. The cybercriminals may also follow users’ matches, the study found.
Hackers can’t exploit those vulnerabilities unless they’re on same Wi-Fi network as a user. That makes attacks possible through any public hotspot, the study said.
Tinder is reportedly responding. Checkmarx sent its research results to the company, which said it is constantly upgrading its security, including encrypting more data, Checkmarx told Bloomberg Law.
Tinder didn’t immediately respond to Bloomberg Law’s email request for comment.
Some basic cyberhygiene rules can reduce risk, including using https secure connections for websites, rather than http. Not to mention avoiding swipes in unsecured, public, Wi-Fi spots, the study said.