Subscribe
About

Hackers turn online dating Casanovas

Admire Moyo
By Admire Moyo, ITWeb news editor.
Johannesburg, 03 Nov 2017

As more users take to online dating apps to find their soul mates, hackers are also taking advantage of the trend to target the unsuspecting suitors.

Kaspersky Lab researchers discovered a range of vulnerabilities contained in popular dating apps which have the potential to result in various negative consequences for users: from simply identifying a particular person, to unsecured data transmissions and the leaking of personal information.

After analysing popular global services, the cyber security firm found some provide very low levels of data protection.

Dating apps are quickly becoming more popular all over the world. According to the latest report, "Dangerous Liaisons: is everyone doing it online?", as many as one-in-three people globally are using an online dating service.

Before Tinder

On the South African front, Arthur Goldstuck, World Wide Worx MD, says online dating was big in the country long before Tinder arrived on the scene.

He explains that David Burstein and Duncan Forrest started DatingBuzz in 2002, not only as a dating service but also as a white-labelled dating engine for other sites.

"Most major online publications here have had it running under their own brands at one time or another, including Fair Lady, Cosmopolitan and Mail & Guardian - a range that gives a sense of its broad appeal.

"It is also in use around the world. There may be well over a million South Africans using one or another of these sites. About a year ago, Ayal Belling founded Predict Dating App, which uses smart matching algorithms, and has attracted international attention."

Amid the growth in popularity, Kaspersky says users face multiple risks when using online dating apps.

For example, they can be identified by finding out their names and surnames from social network profiles and can also be found in the physical world through the use of geolocation data.

Furthermore, they can lose access to their accounts, or have their personal data fall into the wrong hands, the cyber security firm says.

Authentication flaw

According to Kaspersky, a common security risk present in several applications is related to the token-based authentication method which is used by dating apps for new registration and sign-up processes.

It explains that a token is created on request by a server in order to uniquely identify the user and usually asks for access to a Facebook account. It then provides access to general user information, including first and last names, the user's e-mail address and their profile picture. By using this method, applications receive all the necessary data to enable them to authenticate the user on its servers.

However, based on the research, tokens are often stored or used insecurely and, therefore, can be easily stolen, says Kaspersky. As a result, intruders are able to gain temporary access to victims' accounts even without their login and password details.

Following this vulnerability with insecure token storage, users may also face another threat related to the safety of message histories which are stored on the device and can be accessed and read by intruders, the firm adds.

"Our research demonstrates that users of dating apps should care very much about cyber security, because many such services are not protected against several different kinds of attacks," says Roman Unuchek, security expert at Kaspersky.

"Besides this, users are putting themselves at risk by sharing sensitive personal information in their profiles, such as their place of education and work. Armed with this information, intruders can easily find victims' real accounts on Facebook and LinkedIn networks. It also opens possibilities for stalking - to harass users and track their movements in real life."

Dreams and adventure

For Goldstuck, online dating represents hopes, dreams and adventure. "As such, people go into a different mode when on these sites and apps, their guards are down, and they often want to believe what they see.

"The infamous cartoon of a dog using the Internet, with the caption, 'On the Internet, no one knows you're a dog', was inspired by this phenomenon. Many regrettable dating experiences and even criminal acts have resulted from people misrepresenting themselves."

He points out that hackers are constantly looking for vulnerabilities in systems, regularly employ social engineering, and are alert to new opportunities.

"Dating sites and apps represent the perfect human vulnerability, and if they are able to insert themselves into this environment, they could gain access to personal information, message streams and even device and location information. This makes it an environment conducive to stalking, harassment, blackmail and identity theft.

"Always be sceptical, always be alert when on an online dating site. Look out for suspicious behaviour or notifications, and report it when you encounter it. Don't share personal details that make you identifiable until you have had direct contact. Never make financial commitments to someone you haven't met. Don't let hope triumph over common sense," Goldstuck concludes.

Share