Dateline: Reuters News Service
In a startling report from the Reuters News Service, an IBM Corporate Security Expert released a recent study showing that businesses that are allowing a BYOD (Bring Your Own Device) policy for the employees and management are exposing themselves to a huge risk for cyber-hacking that could lead to fairly benign data capture to potential high-security data loss, revenue theft and blackmail.
The policy of “Bring Your Own Device” or BYOD has been a growing trend in many companies over the past several years. In essence, companies allow workers to use their own mobile devices such as smartphone, tablets and other web-connected devices to be used for both personal as well as company work. The idea being that by allowing a worker to easily synch data between their work environment and their home or roaming environments could improve productivity. However, a recent IBM study found that even low-level sharing such as calendars and contacts could pose significant security breaches for the company.
Surprisingly, the biggest concern that the IBM study found was the workers who were running social media apps, especially dating apps, posed that biggest risk. IBM found employees used vulnerable dating apps in nearly 50 percent of the companies sampled for its research.
“There are millions of people using dating apps on company smartphones that are exposing themselves and their employers to hacking, spying and theft.” stated one of the lead researchers of the IBM study.
IBM security researchers said 26 of 41 dating apps they analyzed on Google’s Android mobile platform had medium or high severity vulnerabilities. IBM did not name the vulnerable apps but said it had alerted the app publishers to problems.
“The trouble with BYOD is that, if not managed properly, the organizations might be leaking sensitive corporate data via employee-owned devices,” said the IBM report.
Apps such as Tinder, OkCupid and Match have become hugely popular in the past few years due to their instant messaging, photo and geolocation services. About 31 million Americans have used a dating site
IBM said the problem is that people on dating apps let their guard down and are not as sensitive to potential security problems as they might be on email or websites.
If an app is compromised, hackers can take advantage of users waiting eagerly to hear back from a potential love interest by sending bogus “phishing” messages to glean sensitive information or install malware, IBM said.
A phone’s camera or microphone could be turned on remotely through a vulnerable app, which IBM warned could be used to eavesdrop on personal conversations or confidential business meetings. Vulnerable GPS data could also lead to stalking, and a user’s billing information could be hacked to purchase things on other apps or websites.
Meanwhile, it recommends that companies at a minimum look closely at the habits of their workers using shared smart-devices in the workplace and especially those using dating apps. Users should be educated on how to limit the personal information they divulge, use unique passwords on every online account, apply the latest software patches and keep track of what permissions each app has.
In addition, companies should closely re-evaluate their policies on BYODs.
IAC/InterActiveCorp, which owns Tinder, OKCupid and Match, did not have any immediate comment on the IBM report.