Valentine's Day is just around the corner – and, purely coincidentally, IBM is warning techies about the risks of dating apps and websites.
Big Blue has published a report outlining the potential security risks associated with users running sex scheduling software on their smartphones and tablets.
Big Blue says it studied 41 different hookup apps, and claims it found that more than 60 per cent contained vulnerabilities that could be exploited by an attacker to compromise a device and steal data.
According to the IBM study, a number of exploitable flaws exist in the apps that could allow an attacker to perform operations such as man-in-the-middle attacks, phishing and cross-site scripting. By exploiting those flaws, IBM suggests that an attacker could not only steal user credentials, but could also look into stored data and photos or remotely activate a device's camera and speaker.
Additionally, an app could gain excessive permissions that can be abused to track users or run up excessive billing charges.
This, says IBM, is something that should worry businesses as many users are running the dating apps on their phones. Should a user in fact fall victim to an attack, corporate data could be pulled from the device.
"The trouble with BYOD is that, if not managed properly, the organizations might be leaking sensitive corporate data via employee owned devices," IBM said in the report.
"If a user has the ability to download apps from untrusted third party sites or even apps on traditional app stores, there is the potential for sensitive information such as the employee address book, phone numbers, geo location, and more to be at risk via these devices."
At this point, it bears noting that IBM has more than a little bit of an interest in convincing execs and IT admins of the dangers posed by mobile devices. The company of course offers a number of security and management tools geared towards BYOD and network security.
At least one company, however, is taking the report seriously. While IBM didn't name the apps it tested, the parent company of Tinder, Match and OkCupid, IAC, was quick to tell El Reg that its dating platforms were all well-secured.
"IBM tested IAC’s dating apps - including Match, OkCupid, and Tinder - and they were not among the apps found to exhibit the cited vulnerabilities," the company said.
"We are confident in the continuing security measures we take to make sure our products meet the highest security standards."
Even if an app isn't vulnerable, however, IBM warns that users can still fall victim to social engineering attacks. The company notes that a scammer could create a fake profile to interact with employees and gather personal information or extract the answers to security questions and take over a user's profile.
IBM recommends that users educate themselves on safe online dating practices including limiting the information they share on their profiles, checking app permissions and only running apps on trusted network connections. All good common sense that shouldn't be a bolt from the Big Blue. ®