Security researchers uncover Trump campaign app vulnerability
June 15, 2020
A team of security researchers discovered a vulnerability in the mobile app of Donald Trump's campaign that might have allowed hackers to gain access to user data, they said in a Monday report.
The Website Planet researchers, led by Noam Rotem and Ran Locar, said they notified the campaign's information security team and that a fix was issued within a few days.
The "Android Package" file exposed a set of security safeguards known as the Twitter application keys, Google apps key, Google maps key and Branch.io keys in the Official Trump 2020 App, the researchers found.
The researchers concluded the flaw didn't expose any user data, but that it would have given an intruder a way in.
"While the exposed keys allowed access to many parts of the app, we concluded in our investigation that user accounts remained inaccessible through this vulnerability," they said. "We did not attempt to access any user accounts on the app, as we felt the initial vulnerability was sufficient to alert the Trump campaign."
"We also concluded that an attacker would still need two additional keys (not exposed) to access any user account, including, potentially, President Trump's," they continued. "However, a malicious hacker could still use the keys to impersonate the app, and much worse. For example, using the branch.io keys, hackers could potentially access app user and usage data."
Source: https://www.politico.com/
