The most compelling vulnerabilities uncovered by the Kaspersky crew, however, involved encryption of traffic, or lack thereof, between phones and dating app servers. ( Earlier studies have called attention to this threat, the researchers pointed out.) “An attacker can remain in one place, while feeding fake coordinates to a service, each time receiving data about the distance to the profile owner,” the researchers said, noting that Tinder, Mamba, Zoosk, Happn, WeChat, and Paktor were the most vulnerable to this sort of potential privacy breach.
The trick involved using information about the distance from a potential match to triangulate a person’s actual location. Get Data Sheet, Fortune ’s technology newsletterĪnother set of weaknesses in the apps allowed the researchers to pinpoint people’s whereabouts. With full names and profiles at hand, there’s nothing to stop a creep from harassing a target through another social channel. Linked Instagram accounts, a common feature on many of these services, helped the team pursue leads too. “Using that information, we managed in 60% of cases to identify users’ pages on various social media, including Facebook and LinkedIn, as well as their full names and surnames,” the researchers said. They used public profile information, such as education and employment history, which romance-seekers have the option to list on Tinder, Happn, and Bumble, to identify their accounts on other social networks. The first flaw allowed the researchers to de-anonymize, or unmask, people’s real identities. (The companies either did not immediately respond to Fortune’s request for more information, or did not provide an official comment.) They looked at a total of nine mobile match-making services that, in addition to the ones named above, included Badoo, Mamba, Zoosk, Happn, WeChat, and Paktor. “We are not going to discourage people from using dating apps, but we would like to give some recommendations on how to use them more safely,” the researchers said.
0 kommentar(er)
