Sci-tech

Dating site security flaws fixed

Dating site security flaws fixed”

"Every maker and user of a dating app should pause for a moment to reflect on what more can be done around security, especially as we enter what could be an imminent cyber pandemic", Oded Vanunu, head of Products Vulnerability Research at Check Point said in a statement. It is always advised to use strong passwords and to not give away too much personal information on a dating app.

The vulnerabilities if exploited would have exposed user data including their stated characteristics, pictures, and other details.

During the reverse engineering process, Check Point researchers discovered that the app is opening a WebView (and enables JavaScript to execute in the context of the WebView window) and loads remote URLs such as https://OkCupid.com, https://www.OkCupid.com, and more.

In addition to dating preferences and messages, the flaws also opened a way to glean other intimate information related to the victim, including their age, location, religion, sexual orientation as well as professional background and the kind of lifestyle they prefer.

More news: Ghislaine Maxwell Loses Late Bid to Block Deposition's Release, Quickly Appeals

Researchers said, to carry out an attack, hackers would first generate a malicious link containing a payload and then send it to an unsuspecting OkCupid user.

CheckPoint revealed its findings to OKCupid, and developers have actually repaired the flaws within 2 days. Luckily, OKCupid says no users were affected by the vulnerabilities. However as CheckPoint explains, this is a reminder that, while dating apps consist of sensitive and personal info, they might not be as safe as we 'd like. Both those loopholes could be combined to let a hacker send specially crafted links to users and steal their personal data. "How easily can someone I don't know access my most private photos, messages and details?" Bumble asks users to verify their identities with selfies. Earlier this year, a study accused Grindr, OKCupid and Tinder of sharing sensitive data.

Check Point Research spotted some vulnerabilities on the OkCupid app that may have "allowed attackers to" control an account to some degree. OKCupid particularly was implicated of sending information on substance abuse, ethnic background and political views to the analytics firm Braze.

"Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours", OkCupid responded to Check Point on its discovery.



Like this

loading...
loading...

Latest


01 August 2020
Rep. Jordan questions Dr. Fauci on how protests are contributing to pandemic
That includes the need to wear masks, avoid crowds and practice good hand hygiene, he said. As a result, the United States' baseline of transmission was higher than Europe.

01 August 2020
Quest advances to recreate sun's energy on Earth
Representatives from seven members of the International Thermonuclear Experimental Reactor project attended a ceremony on Tuesday. The ITER machine will be constructed from about a million components, and initial experiments are set to begin in December 2025.

01 August 2020
Private Division Signs Deal With Moon Studios, League Of Geeks & Roll7
According to Private Division, the folks at Moon Studios are now working on a "compelling new action RPG". All three titles are now in early development, and do not now have set release dates.

01 August 2020
Unsealed court documents reveal Ghislaine Maxwell's connection with Epstein
Preska had ordered them released, but Maxwell's lawyers appealed her ruling to the 2nd US Circuit Court of Appeals. Virginia Roberts Giuffre speaks during a press conference outside a Manhattan court in NY on August 27, 2019.

01 August 2020
Mercedes S-Class Teased With New E-Active Body Control
The Mercedes CLE will also most probably be built on Mercedes' MRA platform and can be configured with either an all-wheel or rear-wheel drive.

01 August 2020
British Grand Prix: Hulkenberg to stand in for Perez at Silverstone
He arrived at Birmingham Airport at 7pm from Cologne in Germany on Thursday night before travelling down to Northamptonshire. Perez said the positive test was a hard thing to stomach given the competitiveness of Racing Point's 2020 auto .

01 August 2020
Fed Appeals Court Overturns Death Sentence for Boston Marathon Bomber
He was convicted in 2015, including for the deaths of Krystle Campbell, Martin Richard, Lingzi Lu and Sean Collier. Attorney's office in Bostonsaid they are now reviewing the opinion and declined further comment at this time.

31 July 2020
Italy's far-right leader Salvini loses his parliamentary immunity
Salvini's resistance League celebration remains the most popular in Italy, but it's been slipping in opinion polls. More than 100 migrants were stuck on the Spanish rescue ship Open Arms for 19 days off the isle of Lampedusa.

31 July 2020
Courteney Cox Is Officially Reprising 'Scream' Role as Gale Weathers
As for Cox , she'll soon be seen on HBO Max's much-hyped Friends reunion special, and she'll also be showing up on a Starz horror comedy series called Shining Vale .

31 July 2020
NASA's Mars-Bound Spacecraft Is Back Online After Experiencing Technical Difficulties
This is also backed by an evidence of 20 km wide liquid water body on Mars, though there is no evidence of life in this lake. Aside from the issue with the temperature, the Mars 2020 mission also experienced communication problems after it launched.