Dating apps have major security vulnerabilities that could expose users' private information
Singles looking for love using mobile dating apps could be putting their device security at risk, experts have warned.
An investigation into many of the world's most popular dating apps by Kaspersky Lab has found that many services are not providing sufficient levels of data protection, with hackers potentially able to identify users and steal personal information.
The Kaspersky Lab team investigated nine of the leading dating apps, and discovered that many fail to protect users from criminals, who could identify customers by finding details on social media profiles, or even track them down in the real world using geolocation data.
Kaspersky Lab's research found that many apps shared a common security risk linked to the token-based authentication process used to register new users. When someone signs up to an app, a token is requested to uniquely identify the user, typically by asking for access to a Facebook account, which can then grant access to general information such as their first and last names, e-mail address and profile picture, allowing the app to authenticate the user on its own servers.
However, Kaspersky Lab found that these tokens are often stored or used insecurely and can therefore be easily stolen and used to gain access to victims’ accounts without needing login and password details.
Message histories were also found to be at risk, particularly for Android users running outdated software containing vulnerabilities that enable attackers to gain root access to the device, which could allow outsiders to read messages written and photos viewed in their chosen dating apps.
Six of the nine apps were also found to have geolocation weaknesses, with Kaspersky Lab also identifying risks in the data transmission process. Although most applications use SSL (Secure Sockets Layer) to secure communication with servers, some data is sent via the HTTP protocol and is not encrypted.
This gives hackers the opportunity to intercept these communications, which often contain personal information such as the user’s location, profiles visited, messages and device data. Using an insecure connection, intruders can also gain control of a victim’s account.
"With the development of the web came the emergence of various social media platforms and applications designed to make our lives easier and more convenient: for example, online dating apps aiming to help us find companions. However, many of these services are not protected against cyber attacks," said David Emm, principal security researcher at Kaspersky Lab.
"Daters are also putting themselves at risk by sharing sensitive personal information in their profiles, such as their place of education and work. Armed with this information, intruders can easily find victims’ real accounts on Facebook and LinkedIn networks. It also opens possibilities for stalking -- to harass people and track their movements in real life. Therefore you should be sure to carefully monitor your privacy, security and data protection when dating online."
To keep your data safe from theft, Kaspersky Lab recommends avoiding public Wi-Fi hotspots, which often lack effective protection, or using a VPN service. Users should also be wary about sharing sensitive ID or personal information, and ensure their device is protected by an up-to-date security offering.
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.