IBM security researchers said 26 of 41 dating apps they analysed on Google's Android mobile platform had medium or high severity vulnerabilities. Curiously, the IBM team did not look at dating applications on Apple gear, probably because the company signed a deal to push Apple gear in the workplace.
Unfortunately, IBM did not name and shame the vulnerable apps but said it had alerted the app publishers to the problems.
Apparently Tinder, OkCupid and Match have become hugely popular in the past few years due to their instant messaging, photo and geolocation services. In 2013 it was estimated that 31 million Americans had used a dating site or app.
IBM found employees used vulnerable dating apps in nearly 50 percent of the companies sampled for its research. When employees use the same phone for work and play, a practice known as “bring your own device,” companies are wide open to such attack vectors.
An IBM report said that while BYOD was seen as a way for companies to save cash by allowing employees to use their home gear on corporate networks, organizations that did not manage it properly might be leaking sensitive corporate data via employee-owned devices.
IBM said the problem is that people on dating apps let their guard down and are not as sensitive to potential security problems as they might be on email or websites.
If an app is compromised, hackers can take advantage of users waiting eagerly to hear back from a potential love interest by sending bogus “phishing” messages to glean sensitive information or install malware, IBM said.
A phone’s camera or microphone could be turned on remotely through a vulnerable app, which IBM warned could be used to eavesdrop on personal conversations or confidential business meetings. Vulnerable GPS data could also lead to stalking, and a user’s billing information could be hacked to purchase things on other apps or websites.
Strangely, despite its dire warnings to Android users, IBM said it had not so far seen a rash of security breaches due to dating apps as opposed to any other kind of social media.
Meanwhile, it recommends that dating app users limit the personal information they divulge, use unique passwords on every online account, apply the latest software patches and keep track of what permissions each app has.