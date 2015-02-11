Feb 11 The millions of people using dating apps
on company smartphones could be exposing themselves and their
employers to hacking, spying and theft, according to a study by
International Business Machines Corp.
IBM security researchers said 26 of 41 dating apps they
analyzed on Google Inc's Android mobile platform had
medium or high severity vulnerabilities, in a report published
on Wednesday.
IBM did not name the vulnerable apps but said it had alerted
the app publishers to problems.
Apps such as Tinder, OkCupid and Match have become hugely
popular in the past few years due to their instant messaging,
photo and geolocation services. About 31 million Americans have
used a dating site or app, according to a 2013 Pew Research
Center study.
IBM found employees used vulnerable dating apps in nearly 50
percent of the companies sampled for its research. Using the
same phone for work and play, a phenomenon known as "bring your
own device," or BYOD, means users and their employers are both
open to potential cyber-attacks.
"The trouble with BYOD is that, if not managed properly, the
organizations might be leaking sensitive corporate data via
employee-owned devices," said the IBM report.
IBM said the problem is that people on dating apps let their
guard down and are not as sensitive to potential security
problems as they might be on email or websites.
If an app is compromised, hackers can take advantage of
users waiting eagerly to hear back from a potential love
interest by sending bogus "phishing" messages to glean sensitive
information or install malware, IBM said.
A phone's camera or microphone could be turned on remotely
through a vulnerable app, which IBM warned could be used to
eavesdrop on personal conversations or confidential business
meetings. Vulnerable GPS data could also lead to stalking, and a
user's billing information could be hacked to purchase things on
other apps or websites.
IBM said it had not so far seen a rash of security breaches
due to dating apps as opposed to any other kind of social media.
Meanwhile, it recommends that dating app users limit the
personal information they divulge, use unique passwords on every
online account, apply the latest software patches and keep track
of what permissions each app has.
IAC/InterActiveCorp, which owns Tinder, OKCupid and
Match, did not have any immediate comment on the IBM report.
