The
millions of people using dating apps on company smartphones could be
exposing themselves and their employers to hacking, spying and theft,
according to a study by International Business Machines Corp.
IBM
security researchers said 26 of 41 dating apps they analyzed on Google
Inc's Android mobile platform had medium or high severity
vulnerabilities, in a report published.
IBM did not name the vulnerable apps but said it had alerted the app publishers to problems.
Dating
apps have become hugely popular in the past few years due to their
instant messaging, photo and geolocation services. About 31 million
Americans have used a dating site or app, according to a 2013 Pew
Research Center study.
IBM
found employees used vulnerable dating apps in nearly 50 percent of the
companies sampled for its research. Using the same phone for work and
play, a phenomenon known as "bring your own device," or BYOD, means
users and their employers are both open to potential cyberattacks.
"The
trouble with BYOD is that, if not managed properly, the organizations
might be leaking sensitive corporate data via employee-owned devices,"
said the IBM report.
IBM
said the problem is that people on dating apps let their guard down and
are not as sensitive to potential security problems as they might be on
email or websites.
If
an app is compromised, hackers can take advantage of users waiting
eagerly to hear back from a potential love interest by sending bogus
"phishing" messages to glean sensitive information or install malware,
IBM said.
A
phone's camera or microphone could be turned on remotely through a
vulnerable app, which IBM warned could be used to eavesdrop on personal
conversations or confidential business meetings. Vulnerable GPS data
could also lead to stalking, and a user's billing information could be
hacked to purchase things on other apps or websites.
IBM said it had not so far seen a rash of security breaches due to dating apps as opposed to any other kind of social media.
Meanwhile,
it recommends that dating app users limit the personal information they
divulge, use unique passwords on every online account, apply the latest
software patches and keep track of what permissions each app has.
IAC/InterActiveCorp, which owns some of the most popular dating apps, said its services were not at risk.
"IBM
tested IAC's dating apps — including Match, OkCupid, and Tinder — and
they were not among the apps found to exhibit the cited
vulnerabilities," the company said in a statement emailed to Reuters.
ConversionConversion EmoticonEmoticon