Are you going to get hacked while looking for love online?
As the stigma around online dating begins to fade, an increasing number of young (and older) Americans are wading out into the sometimes turbulent waters of sites and apps like OKCupid, Match.com, and Tinder. In fact, 15 percent of our nation’s inhabitants now say they’ve used some sort of digital matchmaking tool, which means that a lot of these sites and apps have a lot of people’s personal information. Sure, signing up for Tinder isn’t quite like applying for a credit card, but it should still be noted that many of these online dating services collect quite a bit of data on their users. And according to recent research from security provider Seworks and security tech company UpGuard, dating apps are ripe for the picking when it comes to the next big hack.
This Valentine’s Day, Pew Research estimated that some 38 percent of U.S. singles had a profile on a dating site or app. But according to Min-Pyo Hong of Seworks, these services are all extremely vulnerable to attack. Last month, Hong and his team reviewed five “top dating apps” and found that “all were vulnerable to hacking, containing exploits that would enable breaches similar to the infamous attack on Snapchat … or … the leaking of users’ data from an HIV-positive dating app.” And while Hong did not disclose which apps his team analyzed in his guest post for VentureBeat, he noted that “the two very most popular we analyzed have been downloaded between 10 million and 100 million times from Google Play alone.”
Key to Seworks’ findings was the fact that all five of the apps were 100 percent decompilable, which Hong explains as “a process that enables hackers to reverse engineer and compromise an app.” Worse yet, “none of the dating apps [they] analyzed had protections to prevent or delay unauthorized decompiling,” and one of the apps “was not using secure communications, making it easy for hackers to intercept data being exchanged between the app and the server.” And perhaps most alarming was the fact that the source code of these apps was not obfuscated, but in plain text. Some of this text included “hard-coded key values, website addresses, and other critical information that could allow hackers access to sensitive data.”
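For developers who want to check their own app for the three weaknesses described above before release, here is an added example (not code from Seworks or from any of the apps reviewed). The file name, key value, URLs, and thresholds are constructed assumptions, and the class-name test is only a rough heuristic for missing identifier renaming.

```python
import math
import re
from collections import Counter

# Constructed sample of decompiled Java source; all names and values are made up.
SAMPLE = {
    "com/example/dating/ApiClient.java": '''
public class ApiClient {
    private static final String API_SECRET_KEY = "q7Zp2Lx9Vb4Tn8Rk1Wm6Yc3H";
    private static final String BASE_URL = "http://api.dating.example/v1/";
    private static final String HELP_URL = "https://help.dating.example/";
    private static final String DEFAULT_TOKEN = "changeme";
}
''',
}

KEY_NAME = re.compile(r'(?i)\b(\w*(?:key|secret|token|passw)\w*)\s*=\s*"([^"]+)"')
CLEARTEXT_URL = re.compile(r'"(http://[^"\s]+)"')
CLASS_NAME = re.compile(r'\bclass\s+(\w+)')


def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def audit(files):
    """Return (path, line_no, kind, detail) findings for each file."""
    findings = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for name, value in KEY_NAME.findall(line):
                # Long, high-entropy literals look like real key material.
                if len(value) >= 16 and entropy(value) >= 3.5:
                    findings.append((path, no, "hardcoded-key", name))
            for url in CLEARTEXT_URL.findall(line):
                findings.append((path, no, "cleartext-url", url))
        names = CLASS_NAME.findall(text)
        # Readable class names suggest no identifier renaming was applied.
        if names and all(len(n) > 3 for n in names):
            findings.append((path, 0, "not-obfuscated", ",".join(names)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The short `DEFAULT_TOKEN` placeholder and the `https://` address are deliberately not reported, so the output stays limited to literals that look like real key material and to endpoints reached without transport encryption.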