Significant Security Flaws Found On OKCupid’s Website And Mobile App Raise Alarm Over Security Of Dating Apps - GADGET-INNOVATIONS




Check Point researchers raise serious security questions on dating apps after proving that potential threat actors could have had access to sensitive, private data – full profile details, private messages and email addresses – on OKCupid, the free online dating app with over 50 million registered users and used in 110 countries.

· Researchers identify serious vulnerabilities on OKCupid that allow a threat actor to masquerade as a user
· Full profile details, private messages, sexual orientation, personal addresses, and all submitted answers to OKCupid’s profiling questions were accessible to a potential threat actor
· A threat actor could also have performed malicious actions, such as manipulating user profile data and sending messages, on behalf of a victim, without that user’s knowledge



Researchers at Check Point identified several security flaws on OKCupid’s website and mobile app. Through the vulnerabilities found on OKCupid’s web and mobile platforms, Check Point researchers proved that a threat actor could have stolen the private data of an OKCupid user. Full profile details, private messages, sexual orientation, personal addresses, and all submitted answers to OKCupid’s profiling questions were accessible to a potential threat actor until Check Point researchers responsibly disclosed the security flaws. In addition, Check Point researchers proved that a threat actor could perform malicious actions, such as manipulating user profile data and sending messages, on behalf of a victim, without that user’s knowledge.


A Single, Malicious Link
To carry out the attack, a threat actor would get malicious code to execute in OkCupid web and mobile pages by generating a single malicious link to send to users. Check Point researchers outlined the attack method in three steps:


1. Threat actor generates a link containing a payload that initiates the attack
2. Threat actor sends the link to the victim, or publishes it in a public forum
3. Once the victim touches or clicks the link, the malicious code is executed, resulting in data exfiltration



The attack ultimately enables an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data.


Quote: Oded Vanunu, Head of Products Vulnerability Research at Check Point:
“Our research into OKCupid, which is one of the longest-standing and most popular applications in their sector, has led us to raise some serious questions over the security of dating apps. The fundamental questions being: how safe are my intimate details on the application? How easily can someone I don’t know access my most private photos, messages and details? We’ve learned that dating apps can be far from safe. Every maker and user of a dating app should pause for a moment to reflect on what more can be done around security, especially as we enter what could be an imminent cyber pandemic. Applications with sensitive personal information, like a dating app, have proven to be targets of hackers, hence the critical importance of securing them.”


Responsible Disclosure:
Check Point researchers responsibly disclosed their findings to OKCupid. OkCupid acknowledged and fixed the security flaws in their servers. OKCupid has issued the following statement: “Check Point Research informed OkCupid developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users can safely continue using the OkCupid app. Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours. We're grateful to partners like Check Point who, with OkCupid, put the safety and privacy of our users first.”



OKCupid by the Numbers:


· The OkCupid app has been downloaded over 10 million times on Google Play (2019).
· It has been roughly estimated that OkCupid has had 50 million users since they launched (2019).
· During the coronavirus pandemic, OkCupid has seen a 20% increase in conversations and a 10% increase in matches worldwide (2020).
· In 2020, OkCupid has seen a 30% increase in messages (2020).
· 91 million connections were made on OkCupid in 2019 (2019).
· 50 thousand dates are made every week (2019).