Good advice for everyone
"The recommendation for users is simple enough: avoid public Wi-Fi networks wherever possible."
Not just Tinder users.
A lack of security protections in Tinder's mobile app is leaving lonely hearts vulnerable to eavesdropping. That's according to security biz Checkmarx this week, which claimed Android and iOS builds of the dating app fail to properly encrypt network traffic, meaning the basic actions of peeps looking to hookup – such as swipes …
Indeed. So, there's two ways of seeing the profile pic of local men on Tinder:
First way: build a WiFi snooping device and leave it in a bar.
Second way: just log into Tinder as a woman.
Second way sounds easier - if you are a woman or have a female Facebook account. Ashley Madison this isn't.
"The victim's profile information could also be intercepted and viewed."I think the more pertinent (ab)use-case would be modifying the profiles/picture that are being viewed, or which profile is being requested.
Swipe left all you want, the only profile you'll see is mine! Eventually, you'll have to swipe right.
..or swipe left if you want, I'll just substitute it with a right-swipe packet. (If they used fixed-size packets, who wants to bet that it's also vulnerable to a replay attack?)
"We take the security and privacy of our users seriously.
I really wish someone in corporate PR for tech companies would just not bother to make this bit of boilerplate the first words in any release about flaws, hacks, etc. It rings rather hollow anymore.
Surely some people will be able to see your screen and see what you're doing even if you had encrypted communications.
Of all the things hackers who are snooping public wifi traffic might care about grabbing, I think people's Tinder habits are WAY down the list. Talk about pointless worrying!
Biting the hand that feeds IT © 1998–2021