Online Dating app Tinder, available for the iPhone from the app store, has become incredibly popular in the past few months.
Tinder app allows you to find dates nearby your location within a few miles and connects you with them, but a vulnerability allowed the attacker to potentially pinpoint your exact location to within 100 feet.
Security Researchers at Include Security discovered that Tinder GPS vulnerability making members vulnerable to hackers.
Tinder app allows you to find dates nearby your location within a few miles and connects you with them, but a vulnerability allowed the attacker to potentially pinpoint your exact location to within 100 feet.
Security Researchers at Include Security discovered that Tinder GPS vulnerability making members vulnerable to hackers.
The Security flaw was discovered by the company last October, that enabled any member with some programming skills to access the app's API (Application Programming Interface) to get the exact latitude and longitude for another member.
"Due to Tinder's architecture, it is not possible for one Tinder user to know if another took advantage of this vulnerability during the time of exposure. The repercussions of a vulnerability of this type were pervasive given Tinder's massive global base of users," Include Security Founder Erik Cabetas said in a statement.
Using GPS data collected by Smartphone, one could triangulate to determine where a user is located. Researchers built their own private application called TinderFinder, that could locate a person simply by entering a member's Tinder identification number.
Video Demonstration:
"You don't need any special privilege or anything like that. All the information is gathered from the server with any Tinder user account," said Erik Cabetas and unfortunately the Online Dating app turned out be a GPS tracker.
Tinder CEO Sean Rad said in a statement that it implemented security measures "shortly after being contacted" by Include Security, and did not respond to further inquiries from the company because it does not usually share the specifics of Tinder's security measures. "Our users' privacy and security continue to be our highest priority," said Tinder.
Include Security says, app designers should be careful to protect users' security as they add new features that incorporate Geo-location. "As more and more applications are being built to include Geo-location services, there is an increased risk to the privacy and safety of users."
