Beware, digital Valentine: That dating app may invite a hack

It’s not bad enough that you risk being hacked when you shop or go to the doctor. Now you have to worry about dating apps.

Now that’s real heartbreak.

So says IBM. In a study released just in time for Valentine’s Day, IBM says more than 60 percent of dating mobile apps are vulnerable to cyber attack. IBM Security says 26 of 41 Android-based mobile platform dating apps “had either medium or high severity vulnerabilities.”

It’s not so much the apps for dating that put you as well as corporate data accessed through a mobile device. It’s that these apps can access information and features on your mobile device, from that “mobile wallet” you use for buying something to your geographic location (GPS) and camera.

IBM (NYSE: IBM) researchers also says data from many businesses and organizations can be accessed through those devices.

How do you firewall love?

“Many consumers use and trust their mobile phones for a variety of applications. It is this trust that gives hackers the opportunity to exploit vulnerabilities like the ones we found in these dating apps,” said Caleb Barlow, Vice President, IBM Security. “Consumers need to be careful not to reveal too much personal information on these sites as they look to build a relationship. Our research demonstrates that some users may be engaged in a dangerous tradeoff – with increased sharing resulting in decreased personal security and privacy.”

Noting a poll that says some 31 million Americans have used dating sites or apps, vulnerabilities could be exploited for any number of malicious reasons.

Internet company IAC defended its apps, which are among the more popular ones.

“IBM tested IAC’s dating apps-including Match, OkCupid and Tinder – and they were not among the apps found to exhibit the cited vulnerabilities,” an IAC spokesman told web site Tech Times “We are confident in the continuing security measures we take to make sure our products meet the highest security standards.”

Forbes recently cited “5 Dating Apps To Help You Find Love.”

“As we spent more hours on handheld devices, these dating apps are hoping to help you find mobile love”

The list: Grouper, Tinder, How About We, OkCupid and Plenty of Fish.

You might want to review what IBM has to say before using any app.

Heartbreak Hack?

Possible hacks include:

Dating App Used to Download Malware: Users let their guard down when they anticipate receiving interest from a potential date. That’s just the sort of moment that hackers thrive on. Some of the vulnerable apps could be reprogrammed by hackers to send an alert that asks users to click for an update or to retrieve a message that, in reality, is just a ploy to download malware onto their device.
GPS Information Used to Track Movements: IBM found 73% of the 41 popular dating apps analyzed have access to current and past GPS location information. Hackers can capture a user’s current and past GPS location information to find out where a user lives, works, or spends most of their time.
Credit Card Numbers Stolen From App: 48% of the 41 popular dating apps analyzed have access to a user’s billing information saved on their device. Through poor coding, an attacker could gain access to billing information saved on the device’s mobile wallet through a vulnerability in the dating app and steal the information to make unauthorized purchases.
Remote Control of a Phone’s Camera or Microphone: All the vulnerabilities identified can allow a hacker to gain access to a phone’s camera or microphone even if the user is not logged into the app. This means an attacker can spy and eavesdrop on users or tap into confidential business meetings.
Hijacking of Your Dating Profile: A hacker can change content and images on the dating profile, impersonate the user and communicate with other app users, or leak personal information externally to affect the reputation of a user’s identity. This poses a risk to other users, as well, since a hijacked account can be used by an attacker to trick other users into sharing personal and potentially compromising information.

So what’s a consumer to do?

IBM offer these tips: