Dating App Technology

Our experts have studied the most popular online dating apps (Tinder, Bumble, OkCupid, Badoo, Mamba, Zoosk, Happn, WeChat, Paktor), and identified the main threats to users. We have informed developers in advance of all detected vulnerabilities and as of the date this text is published, some are already fixed and others should be corrected in the near future. However, not all developers have promised to fix the defects.

Threat 1. Who are you?

Our researchers have found that four of the nine apps they have researched allow criminals to determine who is behind a nickname based on the data provided by the users themselves. Tinder, Happn, and Bumble, for example, let everyone see the work or study location specified by a user. Using this information, it is possible to find their accounts on social networks and discover their real names. Happn, in particular, uses Facebook accounts for data exchange with the server. With very little effort, anyone can find the names and last names of Happn users and other info from their Facebook profiles.

And if someone intercepts the traffic of a personal device where Paktor is installed, he will be surprised to learn that he can see the e-mail addresses of other users of the application.

In the end, it is possible to identify Paktor and Happn users on other social networks 100% of the time (60% for Tinder and 50% for Bumble).

Online dating sites like Plenty of Fish are known to be safer. You can read a Plenty of Fish review for 2015 right here.

Threat 2. Where are you?

If anyone wants to know where you are, six of the nine apps will help him out. Only OkCupid, Bumble and Badoo keep user location data locked. All other applications indicate the distance between you and the person you are interested in. By moving around and recording the distance each time, it is easy to determine the exact location of the “prey”.

Happn not only shows how many meters separate you from another user, but also the number of times your paths crossed, so it’s even easier to follow someone. Surprising as it may seem, that is the main feature of the app.

Threat 3. Unprotected data transfer

Most applications transfer data to a server over an SSL encrypted channel, but there are exceptions.

As our researchers have noted, one of the least secure applications is Mamba. The analytics module used in the Android version does not encrypt data about the device (model, serial number, etc.), and the iOS version connects to the server over HTTP and transfers all data unencrypted (and therefore unprotected), messages included. This data can not only be viewed, but also modified. For example, it is possible for a third party to change a “How are you?” into a request for money.

Mamba is not the only application that lets you manage someone else’s account because of an insecure connection. This is also the case with Zoosk. However, our researchers were only able to intercept Zoosk data when new photos or videos were uploaded, and the developers solved the problem shortly after our notification.

Tinder, Paktor, Bumble for Android and Badoo for iOS also put pictures online via HTTP, allowing an attacker to find out which profiles their potential victim is viewing.

When using Android versions of Paktor, Badoo and Zoosk, other details like GPS data and device information can land in the wrong hands.
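One way a development team can check its own test build for the leaks described in this section is to export the request list from an intercepting proxy and flag everything sent without TLS. The following is an added example, not code from the study; the capture is constructed, and the hosts, paths and parameter names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: one line per request seen at an intercepting proxy
# while exercising a test build ("METHOD URL [urlencoded-body]").
# Hosts, paths and parameter names are hypothetical.
CAPTURE = """\
GET https://api.dating.example/v2/feed?limit=20
POST http://stats.dating.example/collect model=Pixel+4&serial=CONSTRUCTED123&os=11
POST http://api.dating.example/messages to=4711&text=How+are+you%3F
GET http://img.dating.example/photos/4711/1.jpg
POST https://api.dating.example/location lat=52.5200&lon=13.4050
GET http://api.dating.example/nearby?lat=52.5200&lon=13.4050&token=CONSTRUCTED-TOKEN
"""

# Parameter names mapped to the kind of data the article lists as exposed.
SENSITIVE = {
    "serial": "device", "model": "device", "imei": "device",
    "lat": "location", "lon": "location",
    "text": "message", "token": "credential", "email": "identity",
}
MEDIA_EXT = (".jpg", ".jpeg", ".png", ".mp4")


def audit(capture):
    """Return (url, sorted data classes) for every cleartext request."""
    findings = []
    for line in capture.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue
        url = urlsplit(parts[1])
        if url.scheme != "http":
            continue  # sent over TLS; certificate checking is a separate test
        body = parts[2] if len(parts) == 3 else ""
        params = parse_qsl(url.query) + parse_qsl(body)
        classes = {SENSITIVE[k.lower()] for k, _ in params if k.lower() in SENSITIVE}
        if url.path.lower().endswith(MEDIA_EXT):
            # An image fetched over HTTP reveals which profile is being viewed.
            classes.add("viewed-profile")
        findings.append((parts[1], sorted(classes)))
    return findings


if __name__ == "__main__":
    for url, classes in audit(CAPTURE):
        print(f"CLEARTEXT {url}: {', '.join(classes) or 'no known sensitive fields'}")
```

Any finding is a release blocker regardless of the data class, because an unencrypted request can be modified in transit as well as read.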

Threat 4. Man-in-the-middle (MITM) attack

Almost all online dating application servers use the HTTPS protocol, which means that by verifying the authenticity of the certificate, it is possible to protect against MITM attacks, in which the victim’s traffic passes through a rogue server before arriving at the legitimate server. The researchers installed a fake certificate to see if the applications would verify its authenticity; if they did not, it would actually be possible to spy on other people.

It turned out that most applications (five out of nine) are vulnerable to MITM attacks because they do not verify the authenticity of the certificates. And almost all apps authorize through Facebook; failure to verify the certificate may lead to the theft of the temporary authorization key in the form of a token. The tokens are valid for 2 or 3 weeks, during which criminals have access to some of the victim’s social network account data in addition to having full access to their profile on the dating app.
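On Android, part of the certificate trust decision discussed above is declared in the app's Network Security Configuration file, which can be reviewed before release. The following is an added example, not code from the study; it assumes an Android app that uses this file, and both sample configs, the domain and the pin value are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed Android configs (res/xml/network_security_config.xml).
# The domain and the pin value are placeholders, not from any audited app.
WEAK = """<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors>
      <certificates src="system"/>
      <certificates src="user"/>
    </trust-anchors>
  </base-config>
</network-security-config>"""

HARDENED = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors><certificates src="system"/></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">api.dating.example</domain>
    <pin-set expiration="2030-01-01">
      <pin digest="SHA-256">PLACEHOLDER_BASE64_SPKI_HASH=</pin>
    </pin-set>
  </domain-config>
</network-security-config>"""


def audit_config(xml_text):
    """List settings that weaken transport security in release builds."""
    root = ET.fromstring(xml_text)
    issues = []
    # <debug-overrides> is deliberately skipped: it only applies to debug builds.
    for node in root.iter():
        if node.tag not in ("base-config", "domain-config"):
            continue
        # Only an explicit "true" is flagged; when the attribute is absent the
        # default depends on the app's target API level.
        if node.get("cleartextTrafficPermitted", "").lower() == "true":
            issues.append(f"{node.tag}: cleartext HTTP permitted")
        for cert in node.findall("./trust-anchors/certificates"):
            if cert.get("src") == "user":
                issues.append(f"{node.tag}: user-installed CAs trusted")
    if root.find(".//pin-set/pin") is None:
        issues.append("no certificate pins declared")
    return issues


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_config(cfg) or "no issues found")
```

A permissive TrustManager or HostnameVerifier written into the app's code bypasses this file, so the runtime test with an untrusted certificate is still needed.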

Threat 5. Superuser rights.

Regardless of the exact type of data that the application stores on the device, it is possible to access this data through superuser rights. This only applies to devices based on Android; it is rare for malware to have root access in iOS.

The result of the analysis is not at all encouraging. Eight of the nine apps for Android are ready to provide too much information to cybercriminals with superuser access rights. Researchers have been able to obtain usage tokens for social networks from almost every application in question. The credentials were encrypted, but the encryption key was easy to extract from the application itself.

Tinder, Bumble, OkCupid, Badoo, Happn, and Paktor store all message history and user photos with their tokens. Thus, someone who has access privileges can easily access confidential information.

Conclusion

The study showed that many dating applications do not handle sensitive user data cautiously enough. This is no reason not to use these services: you simply need to understand the issues and minimize the risks when possible.

Technological Breakthroughs of 2017

Virtual Reality

Oculus Rift, HTC Vive, Pokemon Go, Snapchat. AR and VR are carving out an ever bigger place. According to many experts, the market is now ready for this type of technology and 2017 will be the year when we will see virtual versions of virtually everything, with the marketing opportunities that go with it.

Automatic learning (AI)

Commonly called “machine learning”, it will probably be one of the most important buzzwords of 2017. The recent sophistication of artificial intelligence technologies now allows systems to learn for themselves from data they collect. This is not science fiction; it is a major technological breakthrough of recent years, which has for example led to the very significant improvement of automated translation services.

Whether it is a good or a bad thing, many experts predict the demise in the medium term of entire trades. Maybe it will not happen in 2017, but maybe it will be the year when the trend will get worse. Some sectors will be hit more quickly than others, for example the financial sector. Citigroup, among others, predicts that within 10 years, 30% of banking jobs will be automated.

Mobility

Something that seemed unthinkable just a few years ago: four out of five consumers now use their smartphones to make purchases. Mobile is more and more omnipresent in the acts of our daily life. One of the biggest trends ahead, according to journalists, will also be the shift of an increasing number of employees to working remotely with the new mobility tools. Working from home (or from around the world!) could soon become a reality for a growing number of people disenchanted by commuting and the 9 to 5. With all these mobile phones, it’s important that you know how to avoid getting hacked, because technology is getting more complex and criminal organizations are taking advantage.

Technology Breakthroughs by MIT


Every year, the MIT Technology Review magazine selects 10 technological breakthroughs of 2016. Voice recognition, GMO, reusable rockets, DNA in the App Store, or the automatic pilot Tesla: these technologies have not been impressive last year, and are developed to be this year, according to MIT.

Immune Engineering

Availability: in 1-2 years

Immune cells (T lymphocytes) genetically modified with genetic editing tools such as TALENs or CRISPR-Cas9 could heal, in one treatment, people with cancer, sclerosis or HIV. A pioneer in the industry, the US biopharmaceutical company Cellectis, created by André Choulika, is the first to have successfully extracted T cells from a patient’s blood and changed their DNA so that they then eliminate only the diseased cells. 300 patients were treated, including several completely healed. In addition, Cellectis has managed to modify T cells to make them universally applicable, regardless of the patient. All the major pharmaceutical and biotechnology companies are interested.

Genetic Manipulation of Plants

Availability: in 5 to 10 years.

If CRISPR-Cas9 was called a scientific breakthrough in 2015 by Science magazine, it is not for nothing. Among other uses, it is a genetic editing tool for creating genetically modified (GM) crops that have no foreign DNA and pass US regulations.

Speech Recognition

Availability: Now

The future of computers and mobile devices is voice control. Already available on Apple, Microsoft and Google devices, voice control technology, and artificial intelligence more generally, continues to evolve rapidly. The Chinese company Baidu is the leader in this field. It has a laboratory in Silicon Valley, which developed the Deep Speech technology in 2014.

Reusable Rockets

Availability: Now

The SpaceX and Blue Origin rockets have made a buzz in recent months. And for good reason: they intend to revolutionize the use of rockets by allowing them to land again after use, and therefore be reused. They demonstrated that this was possible in December and January. Huge financial gains are at stake, and the European Space Agency (ESA) cannot ignore this new situation: it is also working on the design of a reusable Ariane 6.

Robots That Can Learn From Each Other

Availability: in 3 to 5 years

The idea? Enabling robot learning via a common core of learning in the cloud. A robot may drop off any new skills it has learned, or extract a skill that’s available and “learn” it. Advances in robotics will accelerate dramatically if each type of machine no longer needs to be programmed separately. An already running system, ROS (Robot Operating System), has been used to test this idea.

The DNA on App Store

Availability: this year

Genome sequencing techniques have seen their cost decrease substantially in recent years, and their ease and speed of execution greatly improve. From simple saliva samples, California-based Helix, acquired by Illumina, announced that this year it will offer to perform DNA analysis on demand, establish a complete description of the genome, and make it accessible online or on Android and iOS. All for just $100. The usefulness? Knowing your own susceptibility to disease, or the likelihood of transmission to your children. For this, Helix built the largest genome sequencing center in the world, but other companies, like Veritas Genetics, are in the race too. Still, it must be approved by the FDA, the US agency for food and drugs.

The Giant Plant Solar City

Availability: next year

The factory built in Buffalo by Solar City will cost $750 million, but will produce 10,000 solar panels a day! Or, in one year, enough panels to produce 1 GW of electricity. That is a lot, given that nuclear power plants have a capacity of between 0.9 GW and 1.45 GW. This will simply be the largest plant in North America, but it is needed to drive down production costs and compete with the Chinese, who dominate this market. Solar City does not intend to make low-quality panels and boasts that it produces panels with a yield of 22%!

Slack

Availability: Now

Slack allows people to exchange files, call, subscribe to channels, create bots, or easily keep up a working correspondence, from a phone as well as from a computer. Established in 2013, it is used daily by three million people today. Overall, the service makes work communication less restrictive by grouping all communications. Along with Slack, Quip, HipChat and Microsoft are key players in this new way to communicate.

The Automatic Pilot Tesla

Availability: Now

In October 2015, Tesla launched a new operating system (Tesla 7.0) with an autopilot for its Model S and Model X electric cars. Elon Musk is betting on two years before Tesla cars are really self-driving. Tesla’s 70,000 vehicles in circulation have already covered over 160 million kilometers in autopilot mode. By comparison, that is completely dominant, because Google’s cars have covered “only” 2.5 million km. Besides Tesla and Google, all manufacturers are of course working on the autonomous car. The presence of automated cars on the road should drastically reduce the number of road accidents.

The Wireless Power

Availability: in 2 to 3 years

In the wake of the explosion of connected objects, technologies are being developed to exploit Wi-Fi signals and other communication signals to allow objects to recharge and communicate with total or near-total autonomy. This is the case of the “Wireless passive” system developed by researchers at the University of Washington, which consumes 10,000 times less energy than current Wi-Fi, and 1,000 times less than Bluetooth Low Energy or Zigbee. Devices freed from the constraint of energy storage open up new applications. The backscatter technique can allow a device to transmit information and to recharge using reflected electromagnetic waves. The researchers also found a software solution that enables a wireless modem to distribute the signal to another device for recharging.

HOW BAD WILL IT NEED TO GET BEFORE THE IRS ASKS THE THIEF FOR IDENTIFICATION?

For the first time in about a month I had time to call the IRS to find out whether they have actually received my mailed tax return along with the affidavit and identification. I had to call because there is no information online. I didn’t think they would be able to tell me anything on the phone either, but I assumed it was worth a try.

After holding (on speakerphone of course) for a little over 15 minutes in an attempt to reach the Identity Theft section of the IRS, I was greeted by a very nice representative who verified that I was who I said I was through a series of identification questions and then proceeded to tell me that “Yes” they (the IRS) have received my affidavit and information through the mail. I also asked if I would actually get my return and if so when might I expect it or if he might have an estimated time-frame. He assured me that I would definitely receive it eventually but that the time-frame could vary anywhere from four months to a little over a year. I also inquired about the possibility of receiving a PIN number to avoid future incidents and he told me that PIN numbers would be issued somewhere around November for current victims to avoid repeat victimization on subsequent tax returns.

He (the IRS representative) seemed or sounded very nervous when I began to question him. I didn’t want him to feel like I was picking on him because it definitely is not his fault that the IRS has failed to handle their business.

I found it amusing that I had to answer so many identification questions just to find out if they received my information – If the identity thief were asked about half these questions before being handed my money no one would have this problem and billions of dollars would not be floating around amongst the pockets of lazy, entitled, scum of the earth.

Billions? Did I say “Billions”? Yes, I did! According to our very own Treasury Inspector General J. Russell George, the toll is nearing the billions that could be raked in within the next five years because the IRS cannot keep up. You can read more about that in this article on CNN.com by Scott Zamost: Identity thieves could rake in $26 billion in tax refunds

By the way, if you are a victim of identity theft because of a stolen tax return do not bother to call the “Where is my Refund” section of the IRS or the “Customer Service” division. Call this number: 800-908-4490 between 7am and 7pm, Monday thru Friday and be prepared for a long wait.

Good Luck!

IRS TAX RETURN FRAUD 2012 – THE SHIT’S FINALLY HITTING THE FAN

Forget about millions, we are now looking at Billions in tax payer’s money gone to criminals. Mind you, the billion amount has a big fat “S” on the end of it!

A very interesting article titled “Identity thieves will rake in billions in stolen tax refunds this year” at Nextgov.com states that, “For the past five years, the IRS has received negative audits from the Government Accountability Office for ongoing security weaknesses that could compromise sensitive taxpayer information” – some of these statements were from the prepared testimony of J. Russell George, the Treasury Department inspector general for tax administration himself.

This article goes on to say that a significantly greater amount of returns based on false income get through than the amount prevented and/or detected by the IRS. And that many of these false returns or fraudulent returns are forged by IRS employees.

And damn, “The IRS does not analyze much data from identity theft cases for patterns that could be followed to prevent future refund fraud.”

All I can say is “Nice” and Really?

Not to mention, their (IRS) computer vulnerabilities are deplorable.

More about that gem here: IRS plagued by computer vulnerabilities five consecutive years

Read and download the last two IRS audits for yourself: (click on link and a new page will open then click link a second time to save or open for viewing)

2012 Report to the Commissioner of Internal Revenue
2011 Report to the Commissioner of Internal Revenue
You’ve got to read this article by Aliya Sternstein, 04/19/2012 (well, you don’t have to, but it’s very informative)

There’s your tax dollars working for you!

TODAY IS THE OFFICIAL 2012 IRS TAX FILING DEADLINE

Do you know where your tax return is?
If you’re like hundreds of thousands of others who have already filed their tax returns promptly and have discovered that some crook has already filed one for you, then you’re probably pretty upset and have good reason to be.

If you’re just sending out your tax return today, then you have a very good chance of becoming a victim yourself.

How will you know if you are a victim?

If you file electronically you will most likely receive a message from the electronic filing system that a duplicate social security number has been detected or that a tax return has already been filed using your social security number.

If you file by mail, it may be weeks or even months before you even find out you’re a victim. You will receive a letter that says, “more than one tax return was filed for you” or states “you received wages from an employer you don’t know”. And then it will be more months or even, in some cases, a year or two before you will actually get your tax return.

What should you do if you become a victim?

If you file electronically:

Unfortunately you will need to call the IRS to determine whether or not this message is indeed due to identity theft.
Be prepared to hold and be on the phone for at least an hour (don’t do this on your lunch break)
They will tell you to file a police report. However there has been so much identity theft and tax return fraud this year that most police departments will not even take a report.
If your local police department will not take a report don’t worry about it – it probably wouldn’t make much of a difference anyway.
Read this article “Tax Refund Stolen” on what to do (scroll halfway down the page and start with line item number 7)
After following these directions, be prepared for a very, very long wait. From what I understand, you will eventually get your tax return and in some cases with interest tacked onto it. The problem is when? And that “when” is averaging somewhere around at least six months to two years.

Last night I did an interview with Scott Cohn of CNBC’s “Squawk Box” on tax return fraud and identity theft and he brought up some very important issues that I really hadn’t had a chance to think about regarding identity theft – those things being the long-term effects or aftermath of identity theft and how it might continue to affect its victims.

When Scott asked me this question it made me think of things like, what will happen if because of this tax return fraud/identity theft:

Your income is reported wrong and you temporarily lose certain medical benefits because of a sliding scale medical insurance program
Your work record is tainted by reports of incorrect employers, which subsequently become part of some public record system and this causes you not to get a job because an employer thinks you have submitted false information
You apply for financial aid and are deemed ineligible due to incorrect income reports
Your child support is adjusted due to incorrect income reports
The list could go on-and-on.

As I mentioned in my interview, the IRS is similar to credit bureaus in that it’s really easy for negative or erroneous information to appear and stay on your report but you’re going to play HELL trying to get anything removed or eradicated.