IBM: 63 percent of dating apps vulnerable to hackers

13 February 2015 Consultancy.uk

People who use dating apps are at risk of not only finding new love, but also of finding their sensitive information stolen, research by IBM shows. According to the firm, more than 60% of dating apps are vulnerable to hackers as they have access to additional features on mobile devices which can be used in an attack. The firm identifies five possible scenarios arising from this vulnerability and five steps consumers can take to better protect themselves.

Dating apps
In today’s world of rapid expanding data-driven technologies, people are becoming more and more interconnected, from working via a cloud, to talking to friends via mobile apps, to meeting new people on social platforms or dating apps. In recent years, the use of dating apps has grown strong as it is a convenient way for singles of all ages to meet new love interests. With these apps, users can get to know their potential date through the use of instant messaging, photo-sharing as well as geo-location services. According to research by American think tank Pew Research, 1 in 10 Americans (31 million people) have used a dating site or app to find dates.

Use of dating apps grows strongly

With the increased use of technology to find new lovers, the threat of hackers also increases. To classify this risk, IT giant IBM recently researched the vulnerability of 41 popular dating apps available on Google’s Android mobile platform to hackers, using the IBM AppScan Mobile Analyser tool. This analysis showed that 63% (26) of these apps have medium to severe security vulnerabilities and could put personal user information and corporate data at risk.

IBM’s research shows that the reason why these apps are at risk to be hacked is that many of the dating applications have access to additional features on mobile devices. Almost half of the apps have access to the user’s mobile wallet billing information (49%), 73% to the phone’s GPS location, and a third (34%) to its camera. Half of the companies surveyed by IBM have employees that use these apps on mobile devices they also use to access business information, which makes them possible victims to hacking, spying and theft.

How hackers have the means

Specific vulnerabilities identified on the at-risk dating apps included “cross site scripting via man in the middle, debug flag enabled, weak random number generator and phishing via man in the middle.” In the analysis, the firm identifies five possible scenarios that could follow from exposure to these risks. These include the possibility of hackers gaining access to the phone’s camera or microphone, sending malware when a user is expecting a messages from his/her date, gaining access to GPS to track the user’s movements, taking control over the user’s dating profile or even stealing credit card information.

How hackers can exploit dating apps

What can consumers do to protect themselves?
As consumers are possibly not only putting their own information, but possibly also that of their company in danger, they should be aware of the risks and protect themselves accordingly. IBM lists five steps users can take to decrease their vulnerability. Users should chose their passwords wisely, update their apps, should not share too much information, check the app’s permissions and only use trusted wifi-connections.

How users can protect themselves

Caleb Barlow, Vice President of IBM Security, explains: “Many consumers use and trust their mobile phones for a variety of applications. It is this trust that gives hackers the opportunity to exploit vulnerabilities like the ones we found in these dating apps. Consumers need to be careful not to reveal too much personal information on these sites as they look to build a relationship. Our research demonstrates that some users may be engaged in a dangerous trade-off – with increased sharing resulting in decreased personal security and privacy.”

News