The rise in popularity of dating apps is exposing users and organisations to new risks, says Gary Newe, technical director at F5 Networks.
Like so many aspects of daily life that have moved online, dating is another that has exploded in popularity in the last few years. Unlike online dating sites, dating apps appeal to a new generation of online daters because of their simplicity and ability to link with other social networks to generate automatic profiles for their users. But despite the ease of downloading these applications, do we consider the risk of using such applications on our personal data?
The rise of dating apps has been met with much controversy. In January, UK police announced an increase in the number of crimes linked to dating apps. This month, new research revealed that almost half of people who use dating sites and apps have been scammed or spammed. Although the convenience of these online services appeals to the time-strapped consumer of today, there’s no doubt that it’s exposing them to a growing number of threats, both online and offline.
Many dating applications have been found to contain vulnerabilities, and some have access to the GPS location, camera and microphone on the user’s device. Should a hacker manage to take advantage of these vulnerabilities and install malware on a device, they could have access to anything they want – whether that’s the user’s credit card details or home and work address. It even gives them access to online profiles and emails, which they could easily hijack and use to impersonate the victim.
Not only are users potentially putting their own data at risk, but a study by IBM found that 50% of companies have employees who use dating apps on their work devices. This poses a massive risk to the organisation’s network. There have been a number of high-profile data breaches in the past where hackers have exploited a weak point in the network through employees (phishing emails) or third parties. In these situations, it is often the customers of these businesses that end up suffering the most, as their personal information winds up in the wrong hands. No employee wants to be the one who exposes their company to the mercy of hackers, and even less so as a result of actions in their personal life.
The risks are obvious, but what can people do to protect themselves? Firstly, before downloading the applications, find out what access you’re authorising the service to on your phone. People are willing to give up their information too easily nowadays, without even asking why a company would need access to our GPS location and camera. Secondly, find out what the company policy is on downloading personal apps on a work device. It might seem like something harmless to do, but you could be putting your colleagues and customers at risk for the chance to start using the latest dating app.
Organisations also need to ensure they have policies in place about the use of personal services on work devices. If they can implement controls to prevent their employees putting company data at risk, they should do so before they end up being the next victim of a major data breach.