tech2 News Staff Jun 30, 2018 13:49 PM IST
In February, Tinder was pulled up for cybersecurity flaws in its app that could potentially put users' information at risk. In a letter sent to Senator Ron Wyden, who had pulled up the dating app for the cybersecurity vulnerability in February, Tinder has confirmed that the flaws have been fixed for both iOS and Android users in its new update.
For those unfamiliar with Tinder, it is a dating app owned by the Match Group. Through this app, users can find their matches by swiping right to accept a date or left to reject them. Additionally, it has functions such as 'likes' and 'superlikes'. A user can press the 'like' button to signal interest in another person. If the other person also presses 'like', both users are notified that it is a 'Match'.
'Superlike' is a star-shaped button near the 'like' feature. It notifies another user, while they are swiping, that they have been 'superliked' by you, and it holds a special place in the app. It suggests that the person is the user's topmost choice among others.
Two flaws were first spotted by Checkmarx in January. The Checkmarx report said that Tinder servers were using an insecure, older version of the HTTP connection. As a result, hackers on the same Wi-Fi network could see profile pictures and replace them, as well as change the information in a person's account. The issue was resolved by an update on 6 February, in which all the photos were encrypted. With a security vulnerability such as this, a person's personal information can be made public or used as a tool for blackmail.
The second flaw concerned the data size of each function, such as like, superlike or swipe. Even though the data was encrypted, the difference in size could give hackers a hint about a user's moves on the dating app. On 19 June, Tinder made all the swipe data the same size.
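The size side channel and the fix described above, as an added example that is not part of the original article or Tinder's code: each message is padded to one fixed length before encryption, so the ciphertext size no longer identifies the action. The message fields, the 256-byte block and the 28-byte cipher overhead are assumptions.

```python
import json

BLOCK = 256      # assumed fixed plaintext size; not Tinder's actual value
OVERHEAD = 28    # assumed constant per-record cost of an AEAD cipher (nonce + tag)

# Constructed sample messages; the field names are hypothetical.
ACTIONS = {
    "pass": {"action": "pass", "target": "u123"},
    "like": {"action": "like", "target": "u123", "match": False},
    "superlike": {"action": "superlike", "target": "u123", "match": False, "left": 4},
}

def encode(msg):
    return json.dumps(msg, separators=(",", ":")).encode()

def pad(body, block=BLOCK):
    """Prefix a 2-byte length, then zero-fill to exactly `block` bytes."""
    if len(body) > block - 2:
        raise ValueError("message does not fit the fixed block")
    return len(body).to_bytes(2, "big") + body + bytes(block - 2 - len(body))

def unpad(padded):
    """Recover the original body on the receiving side."""
    n = int.from_bytes(padded[:2], "big")
    if n > len(padded) - 2:
        raise ValueError("corrupt length prefix")
    return padded[2:2 + n]

def wire_sizes(transform=lambda b: b):
    """Ciphertext size an on-path observer sees for each action."""
    return {name: len(transform(encode(msg))) + OVERHEAD
            for name, msg in ACTIONS.items()}

def candidates(observed_size, sizes):
    """Actions consistent with one observed ciphertext size."""
    return sorted(a for a, s in sizes.items() if s == observed_size)

if __name__ == "__main__":
    plain, padded = wire_sizes(), wire_sizes(pad)
    print("unpadded:", plain, "->", candidates(plain["like"], plain))
    print("padded:  ", padded, "->", candidates(padded["like"], padded))
```

Without padding, each observed size maps to exactly one action; with padding, every action is consistent with the same size.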
In an earlier report, AppSecure had spotted that hackers could gain access to people's Tinder profiles by using a user's phone number to take over an account. This was later fixed by the dating app.