UK National Cyber Security Centre Warns of 5 Online Dating Risks

Asian Companies
The UK’s National Cyber Security Centre, a part of GCHQ, has warned in its weekly threat report that “Dating apps may put users’ personal data at risk”.

The report cites research conducted at Kaspersky Labs, which identifies a number of areas where daters might be vulnerable to hacking.

The study concerned:

  • Tinder for Android and iOS
  • Bumble for Android and iOS
  • OK Cupid for Android and iOS
  • Badoo for Android and iOS
  • Mamba for Android and iOS
  • Zoosk for Android and iOS
  • Happn for Android and iOS
  • WeChat for Android and iOS
  • Paktor for Android and iOS

The first problem was that four of the nine apps allow potential criminals to circumvent nicknames or usernames and discover the true identity of users. This can be done by piecing together the public information on their profile, and cross-referencing it with other public social media accounts.

Researchers were, notably, able to discover social media accounts for 100% of Happn and Paktor users.

Secondly, the location data provided by apps like Happn and Tinder makes ‘tracking down’ other users possible – a user would simply have to move around and log how the distance changed in order to accomplish this.

Thirdly, unprotected data transfer on some platforms may put users personal information at risk. Mamba, in particular, does not make full use of encryption technology – a third party can view, and may be able to edit, the messages of other users. Zoosk also had significant vulnerabilities on this front, though only in the uploading of photos and videos.

Fourthly, five out of nine apps were vulnerable to ‘man-in-the-middle’ attacks – the hijacking of traffic by a rogue server. Because many apps verify through Facebook, a successful man-in-the-middle attack could give a criminal access to parts of other social media accounts.

Lastly, Android versions of apps were vulnerable to attacks on ‘Superuser rights’. The researchers note that: “the result of the analysis is less than encouraging: Eight of the nine applications for Android are ready to provide too much information to cybercriminals with superuser access rights”.

Kaspersky Labs recommend using a VPN, installing security solutions on devices, and only sharing information with strangers on a need-to-know basis.