Can it be true that many people’s greatest fear has actually come true? When our private, intimate conversations are on the line, we tend to rely on the tech geniuses who created the iPhone and Smartphone apps we love to deliver a secure, unbreakable product. Unfortunately, this is not always the case…
Your Phone Number Allows Hackers Into Tinder – Or At Least It Did Until About A Week Ago
So how was the smartphone app’s vulnerability discovered?
Anand Prakash is an Indian software engineer who spends his life passionately finding glitches, bugs, and major security leaks in popular iPhone and Smartphone apps. In the cyber security world, this kind of devotion and passion is usually the driving force behind secure, polished user experiences.
Dating apps like Tinder are hot right now, and due to their massive number of downloads, they are often targeted by hackers. Dating apps store unbelievable amounts of information about us, creating a literal goldmine for advertisers and hackers alike. Anand knows this better than anyone, since he is the one who discovered Tinder’s security leak. After Anand documented the issue on Medium, both Tinder and Facebook’s software development teams were responsive to his findings and were able to fix the app’s login issue.
Plus, Anand actually made a pretty penny for his discovery. Top companies often offer “bug bounties,” which guarantee software developers a check each time they find and fix glitches with new apps. In this case, Facebook was willing to pay Anand $5,000 and Tinder took care of him for $1,250… not too shabby for a guy trying to protect love!
Was it easy to hack Tinder?
The first question a lot of us are going to want answered is whether or not this is the kind of thing a teenage kid holding a grudge could do, or if it takes a decent amount of technical knowledge to exploit these vulnerabilities.
In order to answer that, you have to understand that Tinder actually uses a Facebook login program to manage user accounts. The dating app makes use of AccountKit, so people logging in on an iPhone or Smartphone can have a quick and easy time getting back to their conversations.
As Anand showed the world, this Facebook API (application programming interface) actually stores access tokens from past logins. This means that every time a person received a Tinder login verification code through text or email, that verification code was stored by Facebook and could be reused by a hacker with enough motivation.
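To make the reuse problem described above concrete, here is an added example (not code from Tinder, Facebook, or Anand's write-up) of the server-side property a login verification code needs: it works once, only for the phone number it was issued to, and only for a short time. The class name, the five-minute lifetime and the attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime for a login code
MAX_ATTEMPTS = 5        # assumed cap on wrong guesses per issued code


class LoginCodeStore:
    """Holds at most one live verification code per phone number."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # phone -> [code_digest, expires_at, attempts_left]

    @staticmethod
    def _digest(phone, code):
        # Store only a digest bound to the phone number, never the code itself.
        return hashlib.sha256(f"{phone}:{code}".encode()).digest()

    def issue(self, phone):
        code = f"{secrets.randbelow(10**6):06d}"
        # Issuing a new code replaces (invalidates) any earlier one.
        self._pending[phone] = [self._digest(phone, code),
                                self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # would be sent by SMS or email, not returned to the client

    def redeem(self, phone, code):
        entry = self._pending.get(phone)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at:
            del self._pending[phone]
            return False
        if not hmac.compare_digest(digest, self._digest(phone, code)):
            entry[2] = attempts_left - 1
            if entry[2] <= 0:
                del self._pending[phone]  # too many wrong guesses: burn the code
            return False
        del self._pending[phone]  # single use: a replayed code finds nothing
        return True
```

Because the entry is deleted on the first successful `redeem`, a code captured from an earlier login is useless afterwards, which is the behaviour the article says was missing.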
Your Phone Number Allows Hackers Into Tinder – But What Kind Of Access Do They Gain?
In other words, did Facebook’s access tokens grant hackers special abilities within the app?
Surprisingly, the level of access granted for a hijacked account where the hacker used a phone number exploit is literally the same as when you log in to Tinder yourself. The hacker is fully capable of reading your messages, swiping to find new matches, messaging, and changing your entire profile. If your iPhone or Smartphone privacy is a large part of your social life, this is the kind of security leak that could make or break you.
How many accounts could a hacker take over at any given time?
Anand’s video evidence of the glitch shows hundreds of numbers running at once. It’s not very likely that every account on Tinder has been hacked at some point, but with how easy it was to gain access tokens, it’s safe to say that too many accounts may have been hijacked at some point in the past few years. Tinder and Facebook currently have not released any information to the associated press regarding how major this vulnerability is in the grand scope.
Your Phone Number Allows Hackers Into Tinder – So Is This App Issue Fixed?
Luckily, a few days after Anand published his findings, both Tinder and Facebook announced publicly that this iPhone and Smartphone access token exploit has been resolved! Even with that result, this recent incident is a great indicator that some things are just better off the old-fashioned way. Perhaps dating apps and social media are more trouble than they’re worth?