A security vulnerability in President Trump’s mobile campaign app exposed Twitter application keys and secrets, Google apps and maps keys and Branch.io keys in the Android APK file, researchers at Website Planet recently discovered.
A research team led by Noam Rotem and Ran Locar said the exposed keys and secrets provided access to the app’s Twitter API and other parts of the app. “While the exposed keys allowed access to many parts of the app, we concluded in our investigation that user accounts remained inaccessible through this vulnerability,” according to a Website Planet blog post. “We did not attempt to access any user accounts on the app, as we felt the initial vulnerability was sufficient to alert the Trump campaign.”
The researchers said an attacker would need two additional keys to access accounts of Trump or any other user. “However, a malicious hacker could still use the keys to impersonate the app, and much worse,” the researchers said. “For example, using the branch.io keys, hackers could potentially access app user and usage data.”