We all know someone who met his or her spouse on a dating application. Others use these platforms only for one-night encounters. These services have expanded greatly in recent years. Personally, I see at least six ads inviting me to download one during my 20-minute subway ride every morning.
The game of seduction necessarily involves exchanging information, so we can be sure that a very large amount of personal data passes through these applications. Hence the importance of protecting it from hacking attempts.
Unfortunately, according to experts at Kaspersky Lab, these services suffer from various security vulnerabilities that make it easy to steal information. The researchers tested nine different applications available on Android and iOS.
First of all, the security experts observed how easy it is to track down a person and learn a lot about their private life. For example, on Tinder, Happn and Bumble, users can indicate their job and their education. Based on this information, in 60% of cases, the researchers were able to identify people on other social networks such as Facebook and LinkedIn and, therefore, obtain their full name.
Kaspersky’s teams point out that dating applications restrict how users can start a conversation (both people have to “match”, sometimes only women can start the discussion …). But with access to the Facebook profile of the person of interest, it is easier to send them a message. The researchers warn of the risk of harassment and stalking.
However, they say they did not encounter any difficulty in accessing the data collected by Happn from Facebook.
The geolocation options of dating applications are also singled out. These services offer to put users in touch with people relatively close to them. To avoid attacks, they only indicate the distance that separates the two users and not their exact positions. However, the researchers realized that it was possible to determine the precise position of a person who is not moving.
To do this, the distance to that person must be measured repeatedly. This laborious method can be simplified by sending false geolocation information to the servers to make them believe that the sender is moving. Thus, the attacker does not need to move and can determine the location of the person being targeted.
This technique works particularly well on Tinder, Mamba, Zoosk, Happn, WeChat and Paktor.
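On the server side, the spoofed movement described above can be caught by checking whether an account's consecutive location updates imply a plausible travel speed. The following is an added example, not code from Kaspersky's paper or from any of the applications named; the speed threshold, function names and sample updates are assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0  # assumed threshold: roughly airliner cruise speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def flag_implausible_moves(updates, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, from_ts, to_ts, speed_kmh) for every jump faster than the limit."""
    last, flagged = {}, []
    for user, ts, lat, lon in sorted(updates, key=lambda u: (u[0], u[1])):
        if user in last:
            pts, plat, plon = last[user]
            dist = haversine_km(plat, plon, lat, lon)
            hours = (ts - pts) / 3600.0
            # Displacement with no elapsed time is treated as infinite speed.
            speed = dist / hours if hours > 0 else (math.inf if dist > 0 else 0.0)
            if speed > max_speed_kmh:
                flagged.append((user, pts, ts, speed))
        last[user] = (ts, lat, lon)
    return flagged


# Constructed sample updates: (user, unix_ts, lat, lon)
SAMPLE_UPDATES = [
    ("alice", 1000, 48.8566, 2.3522),  # starting point
    ("alice", 4600, 48.8606, 2.3376),  # about 1 km away one hour later
    ("bob", 1000, 48.8566, 2.3522),    # same starting point
    ("bob", 1060, 49.0566, 2.3522),    # about 22 km north after 60 seconds
    ("bob", 1120, 48.8566, 2.5522),    # another large jump 60 seconds later
]

if __name__ == "__main__":
    for user, t0, t1, speed in flag_implausible_moves(SAMPLE_UPDATES):
        print(f"{user}: {t0}->{t1} implies {speed:.0f} km/h")
```

A flagged account is a signal for rate-limiting or review rather than proof of abuse, since legitimate GPS glitches also produce occasional jumps.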
Even though the applications use the SSL security protocol when they communicate with a server, some data remains unencrypted. Thus, Tinder, Paktor, Bumble and the iOS version of Badoo upload photos over unsecured HTTP. From there, an attacker can tell which accounts the victim is viewing.
Depending on the application and the Android or iOS version, the experts discovered that a lot of data was not correctly encrypted. In the case of Zoosk on Android, for example, they were able to intercept requests from the advertising module, through which they accessed users’ contact information, age, gender and smartphone model. If the attacker controls a Wi-Fi hotspot, he can even display malicious ads.
Other flaws of all kinds are described in the paper. The document ends with some recommendations: avoid connecting to public Wi-Fi networks, install security solutions to detect malware, use VPNs …