Tinder Strengthens Security Following Concerned Letter From Oregon Senator

Tinder
  • Contributed by:
  • Views: 181

Tinder swiping sessions are more secure than ever and there’s an unlikely hero to thank: 69-year-old U.S. Senator Rob Wyden.

Wyden made news earlier this year when he released a letter demanding that Tinder resolve security issues exposed by a report from Checkmarx, a Tel Aviv-based security firm. Months later, Tinder has responded with good news for both singles and the senator, revealing recent changes to the app’s handling of images and swipe data that make it harder for sensitive information to fall into criminal hands.

Checkmarx noted two “disturbing vulnerabilities” in its original report, dated January 23, 2018:

The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research).

While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.

Wyden waited until Valentine’s Day to release his response. In a letter to Tinder CEO Greg Blatt, the senator urged the company to "swipe right on user privacy and security."

"Tinder can easily enhance privacy to its users by encrypting all data transmitted between its app and servers, and padding sensitive transactions to thwart snooping,” Wyden wrote. “These common-sense security fixes would provide Tinder users with the level of security and privacy they expect."

Tinder quickly issued a statement thanking Wyden for his concern and assuring users that privacy is a top priority for the company. The statement referred to a “network of tools and systems to protect the integrity of [the] platform” as well as a recent update to encrypt images on both the mobile app and web version.

Now it appears Tinder has gone further in its quest to secure user data. In a June letter addressed to the senator, Match Group General Counsel Jared Sine again noted that all images on the platforms have been fully encrypted since February 6. He added that, as of June 19, swipe data has been altered to eliminate the security vulnerability discovered by Checkmarx.

“Like every technology company, we are constantly working to improve our defenses in the battle against malicious hackers and cyber criminals,” Sine said in the letter. “Our goal is to have protocols and systems that not only meet, but exceed industry best practices.”

For more on this dating service you can check out our Tinder app review.