Security researchers identify vulnerabilities in “Official Trump 2020” app
A team of security researchers at Website Planet recently discovered security flaws in US President Donald Trump’s mobile campaign app that could have allowed hackers to gain access to users’ private information.
The “Official Trump 2020” app was developed to promote Trump’s re-election campaign and is available for download on iOS and Android.
According to Fox Business, the Official Trump 2020 app saw a huge spike in downloads last month.
“The vulnerability present in the app exposed a few pieces of sensitive information in the Android APK file, such as the Twitter Application keys and secrets, Google Apps key, Google Maps key, and Branch.io keys,” James from Website Planet told Quickcyber.
By exploiting these vulnerabilities, hackers could impersonate the app and potentially access app user and usage data.
“While the exposed keys allowed access to many parts of the app, we concluded in our investigation that user accounts remained inaccessible through this vulnerability. We did not attempt to access any user accounts on the app, as we felt the initial vulnerability was sufficient to alert the Trump campaign,” says the report by Website Planet. “We also concluded that an attacker would still need two additional keys (not exposed) to access any user account, including, potentially, President Trump’s.”
The research team, led by Noam Rotem and Ran Locar, said they notified the campaign app’s team and some people on the Trump team directly, and the issue was fixed within a few days.
“This exposure is significant, and the result of human error. It could easily have been avoided had the app’s development team followed stricter protocols,” the report concluded.