Tinder Hack Pinpointed Users to Within 100 Feet
Tinder is a zippy way to find cute singles in your area, and to let them find you. It's nice to know when an attractive someone is nearby, but a recent security flaw could have let malefactors cut a little too close for comfort and locate Tinder users to within 100 feet of their locations.
Brooklyn consulting firm IncludeSecurity, announced the vulnerability, which has already been fixed, in a blog posting yesterday (Feb. 19). Although exploiting the vulnerability required a fair amount of hacking know-how and the creation of a separate app, IncludeSecurity's researchers successfully triangulated Tinder users' positions with stunning accuracy.
MORE: 10 Best Dating Apps
Tinder is a very simple dating app in which users post flattering photos of themselves and look at other users within a close vicinity (say, 10 miles). Swiping right on a user's photo "likes" them, whereas swiping left gives them a pass. If two users like each other, they can send messages back and forth.
Since proximity is a key factor in Tinder, the app makes use of a mobile device's built-in GPS functionality. This means that if you have a specific person in mind, you can trick Tinder into revealing his or her location. (This also means that finding someone to stalk on a whim is not so easy.)
This past fall, the IncludeSecurity experts created a secondary app called TinderFinder, which used three fake Tinder accounts to query a user's relative location. By corroborating data from all three accounts, TinderFinder could pinpoint a target to within 100 feet. All you needed to know is about your target was his or her name and home city.
Knowing that a mark is within 100 feet is not that useful in an office building, but could potentially create some dangerous situations in an unpopulated public place, or a private residence.
To Tinder's credit, the company patched the vulnerability about two months after being informed of it. IncludeSecurity says it will never release TinderFinder to the public, as it would be trivially simple for malefactors to find users with unpatched versions of Tinder.
There's also no evidence that anyone aside from security researchers exploited this flaw. Even if you've used Tinder for a long time, you have no reason to worry that anyone's ever tracked you down via the program.
In the meantime, make sure you update Tinder by going to the iOS App Store or the Google Play Store, then resume swiping until you find someone who tickles your fancy.