Valentine's (Zero) Day: Most Dating Apps Are Open to Hackers
Don't get your heart broken this Valentine's Day, but also make sure you don't get your personal life cracked as well.
According to a recent report, the majority of dating apps are quite hackable. And for every extra feature offered, more details of your personal life are vulnerable to violation and possible theft.
It's Valentine's Day in 2015, and dating apps are now a ubiquitous, quick, and convenient way to find people interested in exactly the same level of intimacy that you are. In fact, as Reuters reported, a 2013 study by Pew Research found that about 31 million Americans (about 10 percent) have used either a dating site or app.
We recommended a dating app just this week in a special Valentine's Day edition of Tap That App Tuesday (Bumble: highly recommended). But there are many low-rent dating apps out there, and many might expose intimate details about you to the ultimate Mr. Wrong -- a hacker waiting in the digital shadows to take advantage of you.
According to a report this week from Net Security, IBM Security has found that the vast majority of Android mobile dating apps are potentially vulnerable to cyber attacks that can put your data -- or valuable corporate data -- in the hands of the wrong people. In fact, of the 41 Android data apps IBM analyzed, 26 had "medium or high severity vulnerabilities," as the IBM report put it.
The vulnerabilities to attacks IBM found in some dating apps ranged from bad, to surprisingly, invasively terrible, including:
Dating App Used to Download Malware: Users let their guard down when they anticipate receiving interest from a potential date. That's just the sort of moment that hackers thrive on. Some of the vulnerable apps could be reprogrammed by hackers to send an alert that asks users to click for an update or to retrieve a message that, in reality, is just a ploy to download malware onto their device.
GPS Information Used to Track Movements: IBM found 73% of the 41 popular dating apps analyzed have access to current and past GPS location information. Hackers can capture a user's current and past GPS location information to find out where a user lives, works, or spends most of their time.
Credit Card Numbers Stolen From App: 48% of the 41 popular dating apps analyzed have access to a user's billing information saved on their device. Through poor coding, an attacker could gain access to billing information saved on the device's mobile wallet through a vulnerability in the dating app and steal the information to make unauthorized purchases.
Remote Control of a Phone's Camera or Microphone: All the vulnerabilities identified can allow a hacker to gain access to a phone's camera or microphone even if the user is not logged into the app. This means an attacker can spy and eavesdrop on users or tap into confidential business meetings.
Hijacking of Your Dating Profile: A hacker can change content and images on the dating profile, impersonate the user and communicate with other app users, or leak personal information externally to affect the reputation of a user's identity. This poses a risk to other users, as well, since a hijacked account can be used by an attacker to trick other users into sharing personal and potentially compromising information.
On top of that, the world of Bring Your Own Device (BYOD) puts corporate data at risk from these leaky apps installed on dual-use work/personal smartphones, according to IBM.
Major apps like Tinder, Match and OkCupid were not found to be vulnerable by the IBM study (since Bumble is iOS only, neither was our pick for Tap That App Tuesday this week).
Dating (App) Advice from IBM
If you don't know whether to trust your dating app or not, IBM has offered this handy checklist of common sense app security practices, which we recommend you apply to any app you use: