By Hayley Axford
In today’s society, where most people are connected to various online platforms, dating mobile applications are becoming increasingly popular and convenient for people of all ages to meet love interests. While these apps are relatively new to the market, membership continues to grow at a rapid rate; which makes them more likely to fall within the radar of cyber attackers.
IBM, the world’s largest information technology company, has released a report on their Security division’s analysis of mobile dating applications. The company found that nearly 60% of the world’s leading Android dating applications were vulnerable to potential cyber attacks. The study found that these applications put personal user information and corporate data at risk. In South Africa and across Africa, 51% of cellphone users are now using mobile apps. IBM said that “with over 1000 dating sites in South Africa, the potential for information to get into the wrong hands through an innocent romantic encounter, is real”.
Researchers from IBM Security revealed that many of these dating apps have access to additional features on mobile devices, such as the camera and microphone. This allows cyber criminals to spy on the mobile user, accessing their storage and mobile wallet billing information. Dating apps commonly use GPS location to pair people with those who live in close proximity to them. IBM noted that 73% of the 41 popular dating applications that were analysed have access to “current and historical GPS location information”. Hackers will be able to capture your current and former GPS location details and will be able to identify where you live, work or spend most of your time.
Smartphones and other devices are prone to common attacks such as:
- Cross site scripting: these act as a gateway for hackers to gain access to your other mobile applications, as well as features on your device via an insecure Wi-Fi connection or rogue access point.
- Debug-flag enable exploits: debug-enabled applications on Android phones can attach to other applications, reading and writing to the application’s memory, allowing hackers to intercept information sent. They can also inject malicious data into it and out of it.
- Phishing attacks: Attackers can provide you with a fake login screen via dating applications, so that when you log onto another site, your personal information is disclosed without your knowledge. This is common with identity theft.
IBM warns that if the person you’re communicating with online refuses to provide the same basic information that they are asking of you, or if their photos and profiles appear too good to be true, or do not match the person you are engaging with, “trust your instinct and move on”.
Tips to protect yourself from these cyber threats:
- Check your smartphone regularly for potential rogue apps. You can do this by getting software that will scan your installed applications and identify which apps have access to your personal information and GPS location.
- Don’t divulge too much personal information, such as where you work, your identity number, birthday or links to your other social media profiles.
- Use unique passwords for all your online social accounts. If you only use one password for all your accounts, you increase your chance of multiple attacks.
- Clean up your contact list. Often people attach descriptions to the personal or business contacts that they add to their address books, information which should probably not be disclosed.
- Always apply the latest patches and updates as soon as they become available. This will detect identified bugs in your device and apps and will make them more secure.
- Used trusted Wi-Fi connections. Hackers love to make use of fake Wi-Fi connections.
- Delete or deactivate your account on dating apps once you have found the love of your life, so that your personal information is no longer publically available.
Besides online dating apps, perhaps we should become more cautious with all our online activity, limiting the amount of personal information that we both willingly and unwillingly disclose.