A Tinder vulnerability allows you to see who your matches are

Are you signed up for Tinder? Well, be very careful, because a vulnerability has just been discovered that could put your privacy in check It wouldn't be strange if you were one of the many thousands of users that this application has . It is, in fact, one of the best known to flirt.

Now we have learned that the application in question puts users' privacy at absolute risk It seems that the tool, according to experts, communicates between servers without encrypting connections.So while direct messages and choices you make (swiping to one side or the other) are kept under lock and key, photos aren't.

Thus, any subject matter expert can find a way to access our matches. And discover who or whom we can make good friends with. At least try it.

A dangerous vulnerability in Tinder

The vulnerability has been discovered by security company CheckMarx. But what exactly is it?

Actually, there are two security holes detected. At least the most important ones. As you know, Tinder allows users to choose who they like and who they don't All they have to do is swipe right, if they like it .And to the left to dismiss it and see another profile. This application is currently used by more than 20 billion people around the world, in 196 countries.

These dangerous security holes are in the Android and iOS versions If the attacker uses the same WiFi network as the attacker, it may be perfectly capable of monitoring every movement made within the application. This means that the criminal can see the profile pictures that the user sees.

You can also introduce into the application inappropriate images or content. Use and other malicious content. This has been demonstrated by the research carried out by CheckMarx.

In principle, the vulnerability would not allow criminals to obtain private data from the victim. We refer to account access data (usernames, passwords), nor to card numbers or other bank information.

Of course, it could lead to blackmailing the victim. Since having collected information about their matches, they could be threatened with publishing private information from your profile, people you've liked, or other actions taken within the app.

It is easy to guess the matches of Tinder users

According to CheckMarx experts, guessing the matches of Tinder users is relatively easy When one user discards the photo of another, the server sends a 278-byte encrypted packet. On the other hand, if he shows interest in a photo, what is sent is a packet of 374 bytes.

When a match occurs, that is, that both users agree on their preferences, the packet makes up the 581 bytes.Thus, although the information is encrypted, the size of the packet is enough to know if there is a like, if not, or if there is finally a match .

What can we do against this vulnerability?

Researchers regret that the lack of privacy and the dangers that this concerns have become our daily bread. Thus, in their analysis they point to the fact that users keep in mind that using any application has implicit risk of being victims of a vulnerability

CheckMarx has explained that Tinder has taken action on the matter, not correcting the vulnerability But making it a little more complicated to access to these data. The only thing that we can recommend to Tinder users for now is that they forget about connecting to public Wi-Fi networks to use the application. It is the only guarantee, in principle, of not being spied on.