Intelligence and dating
Most dating apps limit searches to specific areas, and you have to match with someone who also ‘swiped right’ or ‘liked’ you.
That meant we also had to like profiles of potentially real people.
The kind (and amount) of information divulged—about the users themselves, the places they work, visit or live—are not only useful for people looking for a date, but also to attackers who leverage this information to gain a foothold into your organization.
To bear out the risks, we delved into various online dating networks, which initially included Tinder, Plenty of Fish, Jdate, OKCupid, Grindr, Coffee meets Bagel, and Love Struck.
That shouldn’t come as a surprise, as online dating networks allow you to filter people using a wide range of factors—age, location, education, profession, salary, not to mention physical attributes like height and hair color.We also set up profiles that, while looking as genuine as possible, would not overly appeal to normal users but entice attackers based on the profile’s profession.That let us establish a baseline for several locations and see if there were any active attacks in those areas.This led to some interesting scenarios: sitting at home at night with our families while casually liking every single new profile in range (yes, we have very understanding partners).We also employed a few house rules for our research—play hard to get, but be open-minded: The goal was to familiarize ourselves to the quirks of each online dating network.