An anonymous Slashdot reader writes:
Security expert Anthony Zboralski posted on HERT a social engineering attack for Tinder that lets you perform a man-in-the-middle attack against unsuspecting users. Zboralski says, “Not only we can eavesdrop on the conversation of two strangers, we can also change their reality.” The attack can easily be extended to SMS, Whatsapp, iMessage and voice.
“At some point people exchange phone numbers and the Tinder convo stops. That’s not a problem…” Zboralski explains, suggesting more ways to continue the man-in-the-middle exploits..
His article drew a response from Tinder, arguing they “employ several manual and automated mechanisms” to deter fake and duplicate profiles. But while they’re looking for ways to improve, “ultimately, it is unrealistic for any company to positively validate the real-world identity of millions of users while maintaining the commonly expected level of usability.”
Read more of this story at Slashdot.