Platforms such as Tinder and Happn typically hoard reports of cybersecurity incidents affecting users of dating apps, although other platforms of this type are not without computer errors that may expose the information from users.
A recent cybersecurity report revealed a security flaw in the OkCupid dating app that could have been exploited by threat actors to access user location details. While it is true that these platforms have been constantly signaled by their constant security errors, this report reveals new information, including the steps hackers can take to extract sensitive information.
In their research, cybersecurity experts proved able to extract location data from active OkCupid users without major setbacks. To achieve this, the researchers only had to deploy a Man-in-The-Middle (MiTM) attack, a popular hacking method to intercept communications between two points; in this case, between the server and the user.
Each OkCupid user’s location ID is unique, and is automatically updated when you are in an active session in the app. When accessing the ID, a hacker with sufficient knowledge could know precisely the latest target user’s location; In addition, hackers could also track a user in a range of between 10 and 20 meters.
It is still unknown whether the company is already working to fix the bug, although the cybersecurity community expects the flaw to be completely corrected in the next app update. While users would expect these kinds of apps to have better security measures than the rest, it’s a fact that dating apps are as insecure as any other platform that stores sensitive information.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.