Android dating app flaw could have opened the door to phishing attacks

February 17, 2019
in Internet Security

Security vulnerabilities discovered in the Android version of a popular online dating application could allow hackers to access usernames, passwords and personal information, according to security researchers.

The flaws in the Android version of the OKCupid dating app — which the Google Play Store lists as having over 10 million downloads — were discovered by researchers at cyber security firm Checkmarx. The researchers have previously disclosed exploits that could be abused by hackers in another dating app.

The researchers found that the app's built-in WebView browser contained vulnerabilities which could be exploited by attackers.

While most links in the app will open in the user’s browser of choice, researchers found it was possible to mimic certain links that open within the application.

“One of these types of links was very easy to mimic and an attacker with even basic skills would be able to do this and convince OKCupid it’s a safe link,” Erez Yalon, head of application security research at Checkmarx, told ZDNet.

Using this, researchers found they could create a fake version of the OKCupid login page and, using a fake profile, use the app’s messaging service to conduct a phishing attack that invites the targeted users to click on the link.

Users would need to enter their login details to see the contents of the message, handing their credentials to the attacker. And because the internal link doesn’t display a URL, the user would have no indication that they’d logged into a phony version of the application.

With the username and password of the victim stolen, the attacker could log in to their account and see all of the information on their profile, potentially personally identifying users. Given the intimate nature of dating applications, that could include information the users wouldn’t want public.

“We could see not only the name and password of the user and what messages they send, but everything: we can follow their geographic location, what relationship they’re looking for, sexual preferences — whatever OKCupid has on you, the attacker could get on you,” said Yalon.

They found it was also possible for an attacker to combine crafting phishing links with API and JavaScript functions that had been inadvertently left exposed to users. By doing this, it’s possible to remove encryption and downgrade the connection from HTTPS to HTTP — and that allowed for a man-in-the-middle attack.

By doing this, the attacker could see everything the user was doing, impersonate the victim, change messages, and even track the geographical location of the victim. 
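
The two weaknesses described above (links that can pass as in-app links, and a downgrade from HTTPS to HTTP) both come down to how an app decides which URLs its embedded WebView may render. The following is an added example, not code from OKCupid or Checkmarx, of a strict routing policy written in plain Java; the host names, the `InAppLinkPolicy` class and the `classify` method are assumptions made for illustration, and the article does not say how the original check worked.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

public class InAppLinkPolicy {
    enum Route { IN_APP, EXTERNAL_BROWSER, BLOCK }

    // Assumption: placeholder hosts the app trusts to render inside its WebView.
    private static final Set<String> IN_APP_HOSTS =
            new HashSet<>(Arrays.asList("app.example", "www.app.example"));

    static Route classify(String link) {
        if (link == null) return Route.BLOCK;
        final URI uri;
        try {
            uri = new URI(link.trim());
        } catch (URISyntaxException e) {
            return Route.BLOCK; // unparseable input is never rendered
        }
        // Opaque URIs (javascript:, data:) and file: URIs have no host.
        if (uri.getScheme() == null || uri.getHost() == null) return Route.BLOCK;
        String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
        String host = uri.getHost().toLowerCase(Locale.ROOT);
        // Cleartext pages never load in-app; the browser at least shows the URL.
        if (scheme.equals("http")) return Route.EXTERNAL_BROWSER;
        if (!scheme.equals("https")) return Route.BLOCK;
        // Exact match on the parsed host; no substring, prefix or suffix tests.
        boolean trusted = IN_APP_HOSTS.contains(host)
                && uri.getUserInfo() == null
                && (uri.getPort() == -1 || uri.getPort() == 443);
        return trusted ? Route.IN_APP : Route.EXTERNAL_BROWSER;
    }

    public static void main(String[] args) {
        String[] constructedSamples = { // constructed inputs, not real URLs
            "https://www.app.example/help",            // trusted host over HTTPS
            "https://www.app.example.evil.test/login", // trusted name as a prefix
            "https://www.app.example@evil.test/login", // trusted name as userinfo
            "http://www.app.example/login",            // cleartext to trusted host
            "javascript:void(0)",                      // non-web scheme
        };
        for (String s : constructedSamples) {
            System.out.println(classify(s) + "  " + s);
        }
    }
}
```

In an Android app the same decision would sit in the WebView client's URL-loading callback, so that anything not classified as in-app is handed to the user's browser, where the address is visible.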

The security company disclosed the findings to OKCupid owners Match Group in November last year and an update was rolled out to close the vulnerabilities shortly afterwards. Yalon praised Match Group for being “very responsive”.

An OKCupid spokesperson told ZDNet: “Checkmarx alerted us of a security vulnerability in the Android app, which we patched and resolved the issue. We also checked that the issue didn’t exist on mobile and iOS as well.”

Checkmarx stress that no real users were exploited as part of their research and while it isn’t thought that the attack has been used in the wild, Yalon pointed out “we can’t really tell, because of the way it’s hidden so well.”