Kaspersky Lab researchers have discovered a variety of vulnerabilities in popular dating apps that may have various negative consequences for users
From simple recognition of a specific person to unsecured data transfers and leakage personal information. After analyzing nine popular global services, it has been found that some of them offer very low levels of data protection.
Dating apps are becoming more and more popular around the world. According to the latest report “Dangerous Liaisons: is everyone doing it online?”, One in three users is currently using an online dating service. However, with the increasing popularity of these services, there is an important security issue, as most online dating services require users to share personal information.
Taking this into account, a team of researchers from Kaspersky Lab decided to look at how safe it really is. They analyzed the most popular online dating applications in different regions of the world, looking for various vulnerabilities that could affect the real life of users and change their status by turning them from “daters” to “victims.”
This research revealed that users face multiple risks when using online dating applications. For example, they can be identified by finding their name from profiles on social networks, and they can also be identified in the physical world through the use of geographic distribution data. In addition, they may lose access to their accounts or misuse their personal data.
Our experts have discovered a common security risk that exists in many applications and is related to the token-based authentication method, which is used by dating apps for new registration processes. A token is created on request from a server to uniquely identify the user and usually asks for access to a Facebook account.
It then provides access to general user information including the user’s name, email, and profile profile. By using this method, applications receive all the necessary data to be able to authenticate the user to their servers. However, based on the research, tokens are often stored or used unsafe and, therefore, can be easily stolen. As a result, attackers can gain temporary access to victims’ accounts even without their login and password.
Following this vulnerability with bad storing token, users may also encounter another threat is related to the security of historical messages stored on the device that the attackers can access and read. Such attacks are a particular threat to Android device users. Some of them, who run outdated software, have open vulnerabilities that allow attackers to gain root access to the device, which can be used to access private information, including user activity in online dating applications such as scripts messages and photos they see.
In addition, the users of the six applications analyzed can be traced back to their location. In some of the applications, Kaspersky Lab has also detected dangers in the data transmission process. Although most applications use SSL (Secure Sockets Layer) to communicate securely with servers, some data is sent through the HTTP protocol and they are not encrypted. This provides hackers with the ability to watch these communications, which often contain personal information such as the user’s location, visited profiles, messages, device data, etc. Using a bad connection, attackers can also take control of the victim’s account.
To prevent theft of your data, Kaspersky Lab recommends the following:
• Use a VPN network to ensure a secure connection
• Do not share sensitive identification information, such as education and work. Install a Reliable Security Solution on Your Device.
Thanks for being here Famz👏, we hope you enjoyed the post📖? If so, please don’t leave🏃 without helping us do the following: Share the POST to your SOCIAL CIRCLES, give the post a LIKE to encourage us👍, DROP COMMENTS/VIEWS using the comment box below, BOOKMARK this page and most importantly, LIKE OUR FACEBOOK PAGE so as not to miss any of our updates.