A security vulnerability in the mobile campaign app lets hackers view security safeguards known as Twitter application keys, Google apps, and maps keys and Branch.io keys in the .apk file. Website Planet researchers, Noam Rotem and Ran Locar, concluded that the flaw did not expose any user data, but it did give the intruder a way inside. They notified Trump’s campaign team, and within a few days, the flaws were fixed. The researchers did not attempt to access any user accounts as they felt this initial vulnerability was sufficient to notify Trump’s campaign. They stated that two additional keys would be required to access the Twitter accounts of users, but these keys were not exposed. They also stated that with these keys, hackers could impersonate the app, and with the Branch.io keys, hackers could potentially access app user and usage data.

CyberManipal.

Vulnerability in Trump campaign app revealed keys and secrets

June 19, 2020

More of MIST

About MIST