File A Tinder profile on an iPhone 6. Israeli tech firm finds the dating app lacks standard encryption leaving users exposed
That's according to security biz Checkmarx this week, which claimed Android and iOS builds of the dating app fail to properly encrypt network traffic, meaning the basic actions of peeps looking to hookup - such as swipes on profiles - could be collected by anyone on the same Wi-Fi or carrying out similar snooping. Other data on Tinder is HTTPS-encrypted but as the research firm has discovered, photos are still streamed unprotected.
"What it allows them to do is see all the images that are sent to and from the device in an open network".
A second vulnerability stems from the way Tinder has deployed encryption, even when HTTPs is used.
"While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user's Tinder profile and actions in the app", Checkmarx said. If a user likes a profile then he have to swipe right and in case they don't like anyone then they have to swipe left.
Tinder says it knows about the missing encryption. In tests, the researchers were able to discern which is which because the file sizes of the said user operations are not encrypted.
Sunday Alcohol Sales Bill Passes Senate For First Time
This is the furthest this type of bill has made it, despite similar legislation being presented in previous legislative sessions. It would also allow restaurants that satisfy the requirements to sell carryout to also sell alcoholic beverages on Sundays.
Ant and Dec big winners at National Television Awards
Ant added that alongside filming a new series of Saturday Night Takeaway , they were also working on a tribute to Sir Bruce. Both actresses showed their support of equal pay with Jones sporting a 50/50 badge backing equal representation for women.
Apple Inc. (AAPL) Holdings Lifted by Ramsay Stattman Vela & Price Inc
The firm earned "Mkt Perform" rating on Wednesday, November 16 by Bernstein. (NASDAQ:AAPL) to report earnings on January, 30. It worsened, as 33 investors sold ICPT shares while 30 reduced holdings. 76 funds opened positions while 330 raised stakes.
Security researchers have discovered two disturbing vulnerabilities in Tinder's popular dating app that could let malicious attackers spy on your photos, swipes and matches. No special technique is needed, the attacker just needs to be able to have a packet sniffer to see the data. "The attack is completely invisible because we're not doing anything active", Yalon added.
Checkmarx informed Tinder of these issues back in November, however, the firm is yet to fix the problems. The report features how a malicious attacker can take advantage of these vulnerabilities to cause serious privacy breaches to an unsuspecting user. We employ a network of tools and systems to protect the integrity of our platform. Tinder issued a statement to Wired, saying that they're working towards encrypting images on their app but said nothing about the exposed file sizes.
Tinder does not disclose details about its security tools "to avoid tipping off would-be hackers", a company spokesperson told BuzzFeed News.
According to Checkmarx, Tinder should move all images to HTTPS so they can't be viewed on an insecure HTTP connection. Tinder also said that photos are public information to begin with. After undergoing the responsible disclosure procedure with Tinder's security team, Checkmarx's Security Research Team made a decision to release their research describing two major Tinder vulnerabilities.
Recommended News
-
24 January 2018Pew: 52 Points Separate Polarized GOP, Dem Views of Israel
Almost half of Americans say that a two-state solution is possible in the Middle East, according to the Pew report. Men are split 50-17% for Israel; Women 42-14%; Whites 51-16%; Blacks 42-12%; Hispanics 33-13%.
24 January 2018Earnings Estimates Analysis: Colgate-Palmolive Co. (CL), Las Vegas Sands Corp. (LVS)
Following the completion of the sale, the director now owns 36,268 shares in the company, valued at approximately $2,557,619.36. Engineers Gate Manager Lp reported 11,899 shares. $2.50 million worth of stock was sold by MOISON FRANCK J on Friday, August 4.JM Smucker Co (SJM) Expected to Announce Earnings of $2.15 Per Share
Several other hedge funds and other institutional investors also recently added to or reduced their stakes in the company. Kbc Group Nv decreased General Electric Co (NYSE:GE) stake by 327,732 shares to 2.15M valued at $51.90 million in 2017Q3. -
24 January 2018Shiv Sena break alliance with BJP; to fight 2019 election alone
Congress is also watching how Sena's move would impact coalition reflexes of "suppressed" allies TDP and Akali Dal. Leaders in this group are just below the party president in hierarchy.
24 January 2018Giants hiring former Cardinals DC James Bettcher for same position
Bettcher will also meet with the Tennessee Titans to discuss their defensive coordinator job under new head coach Mike Vrabel. Former Oakland Raiders head coach Jack Del Rio is also reportedly in the running for the Giants' defensive coordinator job.Time Warner Inc (TWX) Shares Sold by Regentatlantic Capital LLC
Silchester International Investors Llp sold 929,402 shares as the company's stock rose 11.01% with the market. Independent Franchise Partners LLP boosted its holdings in shares of Time Warner by 2.8% in the 3rd quarter. -
24 January 2018CPI (M) to contest 57 seats in Tripura
The Left Front government, which is in power in Tripura for the past 25 years, is facing a challenge from a resurgent BJP. However, none of them explained why smaller left parties were given just three seats in the 60-member assembly.Florida RB Jordan Scarlett, WR Rick Wells among four suspended Gators reinstated
Each of them made one charge with a stolen credit card number, ranging in value from $500 to $2,000, authorities said. Miller and Houston should add needed depth at linebacker, while Wells has not played at UF.
24 January 2018US lawmakers scramble on immigration, shutdown paused
The bill permits spending for government operations through February 8. The federal government gets back up and running today. A bipartisan group of two dozen senators, led by Sen. -
Rothschild Capital Partners LLC Decreases Position in UnitedHealth Group Inc (UNH)
The sale was disclosed in a legal filing with the Securities & Exchange Commission, which is accessible through the SEC website . The stock of UnitedHealth Group Incorporated (NYSE:UNH) has "Buy" rating given on Wednesday, June 7 by Cantor Fitzgerald.
24 January 2018Acadiana schools participate in National School of Choice Week
She knew her son wouldn't do well in the large classrooms of the public schools near her family's home in Mountain's Edge. But investing in homeschooling or private education is a small price to pay for parents who want the best opportunity.
24 January 2018Senior Twitter executive to run troubled finance startup SoFi
SoFi , founded as Social Finance Inc, is provides online services for mortgages, personal loans, and refinancing student debt. Still Greenfield says that CEO Jack Dorsey will be able to propel growth at the company.
