
Eavesdropping On Tinder: Researcher Demonstrates Man-in-the-Middle Attacks (hert.org) 19

An anonymous Slashdot reader writes: Security expert Anthony Zboralski posted on HERT a social engineering attack for Tinder that lets you perform a man-in-the-middle attack against unsuspecting users. Zboralski says, "Not only we can eavesdrop on the conversation of two strangers, we can also change their reality." The attack can easily be extended to SMS, Whatsapp, iMessage and voice.
"At some point people exchange phone numbers and the Tinder convo stops. That's not a problem..." Zboralski explains, suggesting more ways to continue the man-in-the-middle exploits.

His article drew a response from Tinder, arguing they "employ several manual and automated mechanisms" to deter fake and duplicate profiles. But while they're looking for ways to improve, "ultimately, it is unrealistic for any company to positively validate the real-world identity of millions of users while maintaining the commonly expected level of usability."
  • MitM (Score:5, Funny)

    by FrankHaynes ( 467244 ) on Saturday August 27, 2016 @09:35AM (#52780855)

    Would a man-in-the-middle attack on Tinder amount to a 3-way?

  • In my mind, that's creating a fake profile, and pretending to be someone else. In my opinion, a specious use of the phrase "Man in the Middle" because at no point has party A or party C confirmed their identities.
    • In my mind, that's creating a fake profile, and pretending to be someone else. In my opinion, a specious use of the phrase "Man in the Middle" because at no point has party A or party C confirmed their identities.

      They have confirmed their identity against a fake Facebook account. Technically it is a man-in-the-middle attack, it's just so primitive it looks like cheating.

      Kind of like when you write code to implement TCP over voice. (Basically re-inventing the modem, but slower and over an airgap!) Technically the two machines are networked with TCP, but it still feels like cheating.

  • The only thing we really want this exploit to do is to tell us who has already fancied us.

  • He may be a researcher, but this study wouldn't pass any US IRB board as sanctioned research.
  • The attack can easily be extended to SMS, Whatsapp, iMessage and voice.

    So... you're claiming Tinder first just to get clickbait... right?

  • That's more of a Grinder thing, isn't it?
