A recent analysis of popular mobile dating apps brings new meaning to the expression “taking a chance on love.” Anyone thinking of hitting the dating apps just in time for Valentine’s Day might want to know about a study by IBM. It showed that over 60 percent of leading dating mobile apps are potentially vulnerable to a variety of cyber-attacks.
IBM Security researchers looked at apps available on the Google Play app store in October and found that 26 of the 41 on the Android mobile platform had either medium or high security vulnerabilities. These include cross-site scripting (XSS) via Man in the Middle (MiTM), debug flag enabled, weak random number generator (RNG), and phishing via MiTM. Through these vulnerabilities, an attacker can modify data and information stored on the applications, cause confidential information to potentially be leaked from the device, or deny the user access to the application.
Of course, the big cost comes when these risks spill over into the workplace. This same study found that nearly 50 percent of organizations sampled have at least one of these popular dating apps installed on mobile devices used for work, either those supplied by the organization or the employee’s personal device. That means the possible threat to personal data and privacy can suddenly mushroom into a much bigger threat to enterprise data and intellectual property.
Should users break up with their mobile dating apps? Not over this. There are things they can do to reduce the risk of cyber-hacks:
- Don’t give up too much personal information, like where you work, your birthday or your social media profiles, until you’re comfortable with the person you’re interacting with via the app.
- Decide if you want to use the app by checking the permissions it asks for via the settings on your mobile device. Check again after an update, because apps often automatically reset the permissions that determine what phone features they have access to, like your address book or GPS data.
- Use unique passwords for every online account you have. If you use the same password for all your accounts, it can leave you open to multiple attacks after the first account is compromised.
- Always apply the latest patches and updates to your apps and your device when they become available. This will fix any identified software bugs in your device and applications and reduce vulnerabilities.
- Use only trusted Wi-Fi connections when on your dating app. Hackers love fake Wi-Fi access points that connect you directly to their device to execute these types of attacks. According to IBM, many of the vulnerabilities found in this research can be exploited via Wi-Fi.
Michael Montecillo is the IBM Security Services North America Director of Security Intelligence. He has more than ten years of experience in information security, during which he has served as a Senior Threat Researcher on the IBM X-Force Threat Analysis team, as a Vulnerability Management Coordinator and Forensic Investigator for government, as well as a consultant and Principal Security Analyst at Enterprise Management Associates, an industry analysis firm. As the North America Director of Security Intelligence, Michael works directly with clients to enhance their security posture through the integration of actionable external information.