Smartphones have replaced PCs for many consumers, who use them for banking, ordering a pizza, buying merchandise, communicating on social media and looking for a relationship.
It's that last one that has IBM security analysts concerned.
A study by IBM Security examined 41 major online dating apps and found that 60% were potentially vulnerable to a variety of cyber attacks that are not just creepy, but could expose the user to physical and financial harm.
The study did not list the apps in the study but IBM said it has notified the makers of all the apps with vulnerabilities of its findings. All the apps the company studied operated on the Android platform.
The problem is made worse by the fact that many of these dating apps have access to other features on your smartphone, including the camera and microphone, GPS location history and mobile wallet billing information.
Sounding the alarm
IBM is sounding the alarm, not just because of these security flaws but because dating apps have become so widespread.
A 2013 study by Pew Research found 1 in 10 Americans, or roughly 31 million people, have used a dating site or app and the number of people who dated someone they met online grew to 66%. If these dating sites are accessed through a smartphone, IBM says it can expose users to risks.
"Many consumers use and trust their mobile phones for a variety of applications,” said Caleb Barlow, Vice President, IBM Security. “It is this trust that gives hackers the opportunity to exploit vulnerabilities like the ones we found in these dating apps."
Here are some of the ways consumers looking for a relationship on their mobile devices can run into trouble:
- Downloading malware: It's easy to let down your guard in love's first blush. IBM says some of the vulnerable apps could be reprogrammed by hackers to send an alert that asks users to click for an update or to retrieve a message that, in reality, is just a ploy to download malware onto their device.
- GPS data used to track movements: That's not only creepy, but dangerous. If a hacker decides to stalk you, he can. IBM found 73% of the 41 popular dating apps analyzed have access to current and past GPS location information.
- Credit card numbers stolen: The study found that 48% of the 41 popular dating apps have access to the user's billing information stored on the device. A semi-skilled hacker can get to it.
- Remote control of camera and microphone: Okay, this one is really creepy. But besides a hacker spying on your personal life, he or she can listen in on confidential business meetings. So the security flaw on dating apps could end up posing a threat to businesses too, IBM says.
Threat to businesses
In fact, this could turn out to be a big deal for businesses that increasingly are allowing employees to use their personal devices to connect with the corporate network, a policy known as Bring Your Own Device (BYOD).
IBM says businesses need to be aware of these vulnerabilities and take steps to protect their infrastructure. IBM said it found nearly half the organizations sampled for this research have at least one of these popular dating apps installed on corporate-owned or personal mobile devices used for work.
In the meantime, consumers need to be aware of that using a dating app on a smartphone might not be just 2-way communication.
"Consumers need to be careful not to reveal too much personal information on these sites as they look to build a relationship,” Barlow said. “Our research demonstrates that some users may be engaged in a dangerous tradeoff – with increased sharing resulting in decreased personal security and privacy."