Tinder’s new security feature aims to keep hackers, cyber criminals at bay
Tinder's parent company Match Group has announced it is now encrypting photos sent between Tinder's servers and its main application. The announcement comes as a response to a letter from a US Senator who had urged the company to fix some major security loopholes in the application that could have been easily exploited by cyber criminals. The encryption brings an important security layer to the dating application that has become one of the targets for cyber criminals.
"I am happy to report that 'swipe data' has been padded such that all actions are now the same size (effective June 19) and the images transmitted between the Tinder app and the servers are now fully encrypted as well (effective February 6; images on the web version of Tinder were already encrypted)," Jared Sane, General Counsel, Match Group, wrote in the letter.
The company, however, claimed that it had already implemented the feature on February 4 but had waited to respond to Wyden until it had also adjusted a separate security feature that made all "swipe data" the same size.
Security researchers had used the size of the "swipe data" to differentiate actions from one another.
"As part of our ongoing efforts to improve our defences against malicious hackers and cyber criminals, we employ a 'Bug Bounty Programme' and work with skilled security researchers across the globe to responsibly identify potential issues and quickly resolve them," Sane added.
Earlier this year, the security research company Checkmarx disclosed "disturbing vulnerabilities" in the dating application.
"The vulnerabilities, found in both the app's Android and iOS versions, allow an attacker using the same network as the user to monitor the user's every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research)," wrote the researchers on their website.
"While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user's Tinder profile and actions in the app."
(with inputs from IANS)