Happy Valentine’s Day from the Cymmetria team! Whether or not you choose to celebrate today, keep in mind that cybercriminals also celebrate Valentine’s Day; usually by hacking and stealing data (they just LOVE doing it).
According to a Pew Research Center study, 38% of Americans meet their dates using dating apps. A separate study by Seworks shows that the most popular dating apps are dangerously underprotected and can be easily hacked. In the study, the company randomly chose five of the ten most popular dating apps on Google Play and analyzed each app’s level of security. All of the apps were found to be vulnerable to man-in-the-middle attacks, which can be used to steal private data (location, files, contact information and more). They managed to decompile the apps’ code, examine and easily tamper with the source texts.
These were ordinary, unencrypted text files, some of which contained web addresses and private data. One of these apps even had the client key and the Parse app ID hard-coded into its source (an attacker can use these to gain server access with ease). Another app used unencrypted communication with the company’s servers – a major security issue that allows attackers to perform data theft effortlessly.
So what should you do in order to reduce your chances of being attacked? Easy. Just don’t use dating apps today. Yes, they will remain unprotected tomorrow – but Valentine’s Day is when usage rates peak. If you leave these apps alone tonight, your chances of being pwnd will be much slimmer.
Until the app vendors fix their products (so they won’t end up like Snapchat or Ashley Madison), we recommend talking to people on more secure platforms (Facebook, for instance) or just going out and talking to people in real life. What a crazy thought, right?