Tinder is flawed, How Hackers can Hack Tinder Account | Some Security Tips: Hi Guys. Are you a tinder user then you are in danger. If you don’t know how to keep secure your Tinder account then this post is for you. Security researchers at Checkmarx said that Tinder’s mobile apps lack the standard HTTPS encryption that is important to keep photos, swipes, and matches hidden from snoops. Follow the full article from the beginning to the end to know all about Tinder Account Spy and get some security tips.
“The encryption is done in a method which actually allows the attacker to agree on the encryption itself, or derive from the type and length of the encryption what data is actually being used,” Amit Ashbel of Checkmarx said.
Tinder is flawed, How Hackers can Hack Tinder Account | Some Security Tips
While Tinder does use HTTPS for secure transfer of data, when it comes to images, the app still uses HTTP, the older protocol.
The Tel Aviv-based security firm added that just by being on the same network as any user of Tinder – whether on iOS or Android app – attackers could see any photo the user did, inject their own images into their photostream, and also see whether the user swiped left or right.
This lack of HTTPS-everywhere results in leakage of information that the researchers wrote is enough to tell encrypted commands apart, enabling attackers to watch everything when on the same network.
While the same network issues are often considered not that severe, targeted attacks could result in blackmail schemes, among other things.
“You know everything: What they’re doing, what their sexual preferences are, a lot of information.”
Tinder Drift – Two Different issues result in privacy concerns (web platform not vulnerable)
The problems stem from two different vulnerabilities – one is the use of HTTP and another is the way encryption has been deployed even when the HTTPS is used. Researchers said that they found different actions produced different patterns of bytes that were recognizable even though they were encrypted.
Example: Left swipe to reject is 278 bytes, a right swipe is represented by 374 bytes, and a match at 581 bytes. This pattern combined with the use of HTTP for photos results in major privacy issues, enabling attackers to see what action has been taken on those images.
“It’s the combination of two simple vulnerabilities that create a major privacy issue.”
The attack is completely invisible because we’re not doing anything active The attack remains completely invisible to the victim because the attacker isn’t “doing anything active,” and is just using a combination of HTTP connections and the predictable HTTPS to snoop into target’s activity (no messages are at risk).
“If you’re on an open network you can do this, you can just sniff the packet and know exactly what’s going on, while the user has no way to prevent it or even know it has happened.”
Checkmarx informed Tinder of these issues back in November, however, the firm is yet to fix the problems. When contacted, Tinder said that its web platform encrypts profile images, and the company is “working towards encrypting images on our app experience as well.” Until that happens, assume someone is watching over your shoulder while you make that swipe on a public network…
Tips to Keep Secure your Tinder Account:
Avoid using public Wi-Fi networks, until developers take measures or build basic HTTPS encryption.
Hope you like this post about Tinder is flawed, How Hackers can Hack Tinder Account | Some Security Tips. Having any issues feel free to drop your opinion. Don’t forget to share.