IBM sounds smartphone security alarm over dating apps
As Valentine's Day approaches, IBM tells users to approach mobile dating apps with caution
People who use dating apps on company-issued smartphones could be putting corporate data at risk, according to a study by IBM.
Big Blue's report saw the vendor test 41 dating apps on an Android device, and discovered 26 of them were either mildly or highly vulnerable to hacking.
As a result, users could have their movements tracked by hackers who can access GPS information via the apps, or have the camera and microphones on their smartphones remotely controlled.
Furthermore, hackers could also hijack people's dating profiles, it is feared, leading to identity theft or blackmail attempts.
IBM has reportedly made the makers of the vulnerable apps aware of its findings, but has not publicly named who makes them.
In the second part of its research, IBM also polled companies to see how many of their employees used dating apps. Of those sampled, around 50 per cent had employees who used the vulnerable ones.
These findings have huge implications for companies that have embraced the Bring Your Own Device trend, warned IBM, although it denied it's trying to put people off using them.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"Rather, [the] goal is to educate organisations and their users on potential risks and mobile security best practices to use the applications safely," the company said in a blog post.
To protect their users, IBM is urging corporations who allow users to access company information on personal devices to make use of enterprise mobility management tools and ban users from downloading apps from unauthorised sources.
It also advocates educating users about the dangers of not paying attention to what services apps have permission to access on a person's phone.
"Set automated policies on smartphones and tablets that take immediate action if a device is found compromised or malicious apps are discovered," the company advised in a blog post.
"This approach protects your organisation's data while the issue is remedied," the company adds.