A Dating App May Break Your Heart—or Your Firm's
By Samuel Greengard | Posted 2015-02-12
Nearly half of organizations surveyed have at least one worker-installed dating app on mobile devices that are used to access confidential business information.
If you listen to the Beatles, it's clear that "All You Need Is Love." But finding it on the Internet and through mobile apps is an increasingly risky proposition.
According to a new report from IBM Security, a whopping 60 percent (26 out of 41) of popular dating apps it examined in the Google Play app store in October 2014 were vulnerable to hacks and attacks. These vulnerabilities can potentially put personal and private data at risk, and they can compromise corporate data as well.
The IBM research reveals that these dating apps gain access to mobile features on smartphones, including cameras, microphones, storage, GPS systems and even mobile wallet billing information. And if you think all this is a somewhat abstract concept that has little or nothing to do with your enterprise, think again. Researchers found that nearly 50 percent of organizations have at least one of these employee-installed popular dating apps on mobile devices that are used to access confidential business information.
Among the specific vulnerabilities identified on the at-risk dating apps: cross-site scripting via man in the middle, debug flag enabled, weak random number generator and phishing via man in the middle. When these vulnerabilities are exploited, an attacker can potentially use the mobile device to conduct attacks.
"Some users may be engaged in a dangerous tradeoff—with increased accessibility resulting in decreased personal security and privacy," noted Caleb Barlow, vice president at IBM Security.
The problem isn't entirely theoretical. Somewhere between greeting cards, roses and boxes of chocolates lies the murky world of actual malware. Phishing and spear-phishing methods are on the rise, and love-themed campaigns pop up around Valentine's Day, as well as throughout the year.
"We still see cyber-tricks that attempt to manipulate users' heartstrings and encourage rash decisions," reported Fred Touchette, a security analyst at email and Web security firm AppRiver. "Such attacks can—and do—propagate quickly over social media, as well as other, more traditional methods such as email and infected Websites."
A bit of vigilance can go a long way toward avoiding a headache—and plenty of heartache. Organizations must deploy mobile device management (MDM) and mobile threat management tools, control what's stored on phones and educate their employees.
"Malware authors are always looking for a chance to leverage a newly discovered vulnerability," Touchette pointed out. "That's why it is so important for users to remain vigilant. If it looks too good to be true, it is. If you don't recognize the sender or you weren't expecting a piece of mail that shows up in the inbox, it's best to err on the side of caution and just delete it."