After Tinder was tweaked to stop utilizing a user’s specific latitude and longitude to determine proximity, a security expert discovered that the new location identifier shared enough precise data to easily triangulate the exact location of a potential match’s last known whereabouts.
" />

Security expert reveals Tinder sharing a bit too much location data

tinder-finder

Tinder is the go-to casual dating app for plenty of singles, but a security flaw could have made it a favorite of stalkers, too. After the app was tweaked to stop utilizing a user’s specific latitude and longitude to determine proximity, a security expert discovered that the new location identifier shared enough precise data to easily triangulate the exact location of a potential match’s last known whereabouts.

In Tinder’s API, the distance in miles is provided to an alarming degree of accuracy (represented as a 64-bit double for individuals out there well-versed in code). The folks at Include Security describe a method that — given at least three reference points as data — can easily tab the location of any user. This can be achieved by spoofing current location in relation to a target in order to perform simple calculations to pinpoint a fairly accurate spot on the map.

Include Security even created, as a proof of concept, a website called TinderFinder. By entering only a Tinder user’s ID in order to quickly pinpoint their location. The only difficult part would be sniffing out a user’s ID, but any skilled hacker could do that with little trouble. The website was not made public, and given the sensitive nature of this particular flaw there are no plans to allow access.

With two troubling instances of location data sharing for Tinder in the past year, should users be concerned? The good news is that Tinder has apparently already addressed the latest issue, though there is no telling if the method described had been used maliciously in the past. Rest easy for now, Tinder users.

[via IncludeSecurity]

Continue reading:

TAGS: