Heart hackers: dating apps pose real security risks says IBM
Dating sites have always been host to fraud, most often of the low-level, “Yes of course that’s a recent photo,” sort of caper. But take that standard human vulnerability and add in some technological extras such as camera/microphone, GPS, billing mechanisms, BYOD smartphone use and mobile apps, and you have a potent environment for fraudsters and cyber-attackers.
IBM has been running a few security tests to see just how vulnerable both individuals and, in these BYOD days, their corporate employers might actually be. “Very,” says IBM.
You wouldn’t expect less from an outfit selling security solutions, but IBM’s analysis is alarming all the same. IBM Security found that over 60 per cent of the leading dating mobile apps it studied were potentially vulnerable to a variety of cyber-attacks, which meant, in a BYOD context, that both personal user information and corporate data were at risk.
So what are the tricks hackers might deploy?
An app might download malware which could then track movement via the phone’s GPS; it could harvest credit card numbers; and it could take control of the mic and camera to capture personal information for blackmail purposes.
In the US dating apps are now just part of the connected culture and broadly seen as a convenient way for singles of all ages to meet new love interests. IBM says a Pew Research study from 2013 revealed that 10 per cent of Americans - 31 million people - have used a dating site or app.
The trouble is that 26 of the 41 Android dating apps IBM analysed in the Google Play app store in October 2014 had either medium or high severity vulnerabilities.
So little wonder that IBM went on to find that nearly 50 per cent of the organizations analyzed had at least one of the popular dating apps (those IBM had analyzed as vulnerable) installed on at least one (often more) of the mobile devices used by employees to access business information.
The solution? For users, the usual things: password refresh, security patch diligence and so on. Corporates, of course, should consider banning classes of apps from BYOD phones (which for users kind of takes a lot of the ‘O’ out of the proposition). But I like one of IBM’s strictures, which advises: Be Mysterious. Don't divulge too much personal information on these sites, such as where you work, your birthday or social media profiles, until you're comfortable with the person you are engaging with via the app.
If both sides followed that advice it would generate a long online courtship.