Dating apps pose corporate security risks

Read time 2min 20sec
ITWeb Security Summit 2015

Don't miss the definitive event for security professionals:
26 to 28 May, Vodacom World, Midrand
Book today!

The millions of people using dating apps on company smartphones could be exposing themselves and their employers to hacking, spying and theft, according to a study by IBM.

IBM security researchers said 26 of 41 dating apps they analysed on Google's Android mobile platform had medium or high severity vulnerabilities, in a report published yesterday.

IBM did not name the vulnerable apps but said it had alerted the app publishers to the problems.

Dating apps have become hugely popular in the last few years. About 31 million US Americans have used a dating site or app, according to a 2013 Pew Research Centre study.

IBM found employees used vulnerable dating apps in nearly 50% of the companies sampled for research. Using the same phone for work and play, a phenomenon known as bring your own device, or BYOD, means users and their employers are both open to potential cyber attacks.

"The trouble with BYOD is that, if not managed properly, the organisations might be leaking sensitive corporate data via employee-owned devices," said the IBM report.

IBM said the problem is that people on dating apps let their guard down and are not as sensitive to potential security problems as they might be on e-mail or Web sites.

If an app is compromised, hackers can take advantage of users waiting eagerly to hear back from a potential love interest by sending false, "phishing" messages to glean sensitive information or install malware, IBM said.

A phone's camera or microphone could be turned on remotely through a vulnerable app and used to eavesdrop on personal conversations or confidential business meetings, IBM warned. Vulnerable GPS data could also lead to stalking, and a user's billing information could be hacked to make purchases on other apps or Web sites.

IBM said it had not so far seen a rash of security breaches due to dating apps as opposed to any other kind of social media.

Meanwhile, it recommends dating app users limit the personal information they divulge, use a unique password on each online account, apply the latest software patches and keep track of what permissions each app has.

InterActiveCorp (IAC), which owns some of the most popular dating apps, said its services were not at risk.

"IBM tested IAC's dating apps, including Match, OkCupid, and Tinder, and they were not among the apps found to exhibit the cited vulnerabilities," the company said in a statement e-mailed to Reuters.

Login with