Dating apps could leave companies vulnerable to cyber attacks, report finds

Using the same phone for work and play could create security issues, according to IBM security researchers

Once seen as a bit weird, these days looking for love online has become the norm – but dating apps could be leaving businesses vulnerable to cyber attacks, research has found.

Millions of users logging onto dating apps from their company smartphone could be exposing themselves and their employers to hacking, spying and theft, according to a study by International Business Machines Corp (IBM).

In a report published today, IBM security researchers said almost two thirds (26 of 41) dating apps they analysed on Google Inc's Android mobile platform had medium or high severity vulnerabilities.

IBM did not name the vulnerable apps but said it had alerted the app publishers to problems.

Dating apps such as Tinder, Match.com and OKCupid have become hugely popular in recent years on account of the freedom they allow users, helping them to search for potential love interests based on a range of factors, such as location and hobbies, and to send instant messages. They are cheaper than traditional dating sites or often free.

IBM found employees used vulnerable dating apps in nearly 50 per cent of the companies sampled for its research. Using the same phone for work and play, a phenomenon known as "bring your own device", or BYOD, means users and their employers are both open to potential cyber-attacks.

"The trouble with BYOD is that, if not managed properly, the organizations might be leaking sensitive corporate data via employee-owned devices," said the IBM report.

 

IBM said the problem is that people on dating apps let their guard down and are not as sensitive to potential security problems as they might be on email or websites.

If an app is compromised, hackers can take advantage of users anticipating a response from a potential date by sending bogus "phishing" messages to glean sensitive information or install malware, IBM said.

A phone's camera or microphone could be turned on remotely through a vulnerable app, which IBM warned could be used to eavesdrop on personal conversations or confidential business meetings. Vulnerable GPS data could also lead to stalking, and a user's billing information could be hacked to purchase things on other apps or websites.

IBM said it had not so far seen a rash of security breaches due to dating apps as opposed to any other kind of social media.

Meanwhile, it recommends that dating app users limit the personal information they divulge, use unique passwords on every online account, apply the latest software patches and keep track of what permissions each app has.

IAC/InterActiveCorp, which owns some of the most popular dating apps, said its services were not at risk.

"IBM tested IAC's dating apps - including Match, OkCupid, and Tinder - and they were not among the apps found to exhibit the cited vulnerabilities," the company said in a statement emailed to Reuters.

Additional reporting by Reuters

Comments