Researchers Discover Easy Hacks for Popular Dating Apps Like Tinder and OkCupid

November 8, 2017 - 4 minutes read

Great news, IoT app developers! You get a break from Dogtown Media News’ cybersecurity installment this week. Unfortunately, that means the attention is elsewhere now — dating app developers, sorry, but this one is for you.

Cybersecurity researchers recently revealed that they have found multiple ways to hack many popular dating apps like Tinder and OkCupid.

Tough Love

Kaspersky Lab researchers in Moscow recently found a range of exploits they could use on dating apps to obtain information like username, login info, location data, message history, and profile view history.

While conducting research on both iOS and Android versions of nine popular mobile dating apps, Sergey Zelensky, Mikhail Kuzin, and Roman Unuchek made a disturbing discovery — most of these apps don’t fully utilize HTTPS encryption. This makes it easy for hackers to obtain information without needing to actually infiltrate the apps’ servers.

Fortunately for the NYC developers of OkCupid and LA-based developers of Tinder, other apps were also found guilty of low security. Bumble, Badoo, Mamba, Zoosk, Happn, WeChat, and Paktor all made the list as well. Strangely absent from the list were apps strictly catering to the LGBT community, like Grindr or Scruff. These apps usually include more sensitive information than the others, like sexual preference or HIV status.

The Exploits

The simplest exploit simply relied on utilizing the information that dating app users supplied about themselves. Researchers were able to take this information and match it to other social media platforms 60% of the time. Tinder, Bumble, and Happn were found to be most vulnerable to this method.

Similar to the first hack, the next thing researchers tried also didn’t require any cybersecurity expertise. Most dating apps give you an approximation of how far you are from the person you’re chatting with. By giving the apps a few false coordinates and recording the changes in distance, researchers could pinpoint the location of a user. Tinder, Zoosk, Mamba, Happn, Paktor, and WeChat were all susceptible to this.

Perhaps the most disturbing finding was that many apps don’t use HTTP encryption on information or uploaded photos. By exploiting this, researchers could see what profiles and pictures a user had viewed. They were also able to extract login data and send messages as the hacked user in a few of these cases.

The last exploit is most worrisome for Android, but luckily requires more effort on the hacker’s end. By having physical access to a rooted mobile device, hackers were able to obtain superuser access to Android phones. This allowed them to gain full access to dating app accounts and retrieve a plethora of personal information about the phone owner.

Precautions and Solutions

The above exploits are serious threats that could leave unknowing users vulnerable to stalking or blackmail. Fortunately, the researchers have already forwarded their findings to each of the mobile app companies found to be exploitable.

Don’t go throw your phone in the trash and give up on love just yet, either. For apps that only supplied the first name, age, and some photos of a user, it was actually extremely difficult for researchers to find anything else about the person.

If all of this news leaves you fretful about wearing your heart on your sleeve, researchers also recommend to regularly use a VPN and malware detector, avoid public WiFi, and don’t give specific information like your place of work to the dating app. Hang in there. Love can be tough, but it doesn’t have to be dangerous.


Tags: , , , , , , , , , , , ,