
Love Bug? Security Flaw Found in OkCupid’s Android Version

An application vulnerability in the popular dating app may have let hackers take control of user accounts and spread spyware

Valentine’s Day may have you looking for love, but you might want to think hard before firing up your favorite dating app.

Researchers at the Israeli cybersecurity firm Checkmarx recently discovered security flaws in the Android version of OkCupid that, among other things, could have let cybercriminals send users messages disguised as in-app communications.

The flaws have since been fixed. Before that, however, users could have been tricked into losing control of their accounts or had information stolen and then used for identity theft or credit card scams, according to the researchers.

“There was simply no method for an unsuspecting user to understand that this wasn’t OkCupid, but, instead, a web page built to look like OkCupid,” says Erez Yalon, Checkmarx’s head of security research.

This isn’t the first time Yalon’s team has found security issues in a dating app. Last year, Checkmarx announced that its researchers had discovered flaws in Tinder’s app that could give hackers a way to see which profile pictures a user was looking at and how he or she reacted to those pictures.

While both the OkCupid and Tinder security problems have since been fixed, they still stand as a warning to consumers to be wary of all apps, and especially dating apps, that store lots of personal information.

“The OkCupid researchers took advantage of a number of small flaws to wrench open quite a back door,” says Bobby Richter, who leads CR’s privacy and security testing team. “At least the organization responded reasonably quickly with a fix.”

Mimicking Pop-Up Apps

The OkCupid app works along with some other browser, such as Chrome or Firefox, to download and display messages from other users. The researchers found that an attacker could create a malicious link that looked genuine to the app, and once opened in the OkCupid app, the message would ask the user to enter log-in credentials.

In addition to account data such as names, email addresses, and geographic location, OkCupid accounts tend to include information about the people a given user might be interested in dating, as well as personal photos and details designed to entice potential dates.

All that information would make it a lot easier for a cybercriminal to target the user for cybercrimes such as identity theft, bank or insurance fraud, and even stalking.

“That’s not a good start,” Yalon says. “But, unfortunately, it gets worse.”

An attacker potentially could have intercepted communications between the OkCupid user and other people, reading private messages and even tracking the user’s location.

“Users wouldn’t understand the application was attacked,” Yalon says. “Everything worked completely normally, so they’d continue to use it.”

How To Stay Safe

Yalon confirmed that the problem has been fixed in the Android version, and OkCupid says the same vulnerabilities didn’t affect the iOS and mobile web versions of the platform.

Yalon says consumers still need to think before sharing private information through almost any app. A mobile website can show that such information is encrypted by putting “https” in the URL, but it’s nearly impossible to tell whether an app is also encrypting the data sent to and from company servers.

The following tips, provided by CR’s privacy and security experts, can help you stay safe with any mobile app.

  • Use multifactor authentication. Turn on this setting, which is available for most big online services, including banks and social media platforms. Then, when someone tries to log in to your account, they’ll need both the password and a one-time code texted to your phone. This can prevent hackers who guess your password or obtain it from a data breach from accessing your account. (OkCupid doesn’t currently offer multifactor authentication.)
  • Don’t overshare. The more information you volunteer online, the more information can be stolen. “Be stingy with personal information,” says Justin Brookman, Consumer Reports’ director of consumer privacy and technology policy. You don’t need to fill in every school you’ve attended, the name of your hometown, and your real birthday just because a digital company asks you for those details, even when it promises you dates or discounts on tech products.
  • Keep apps updated. As the OkCupid incident shows, security teams are constantly fixing software vulnerabilities discovered through data breaches or through the efforts of researchers such as Checkmarx. Download software updates immediately and you get the benefit of these fixes. Fail to do that, and you remain unnecessarily vulnerable.
  • Turn off location tracking in apps. Whether you have an iPhone or an Android device, you can turn off an app’s access to GPS data. Go through the settings for your apps routinely, making sure you’re not providing more information than the app actually needs.