Experts ‘easily hijack’ the election apps of both Biden and Trump just days after the President falsely declared ‘nobody gets hacked’
- Mr Trump made the false claim at a campaign event in Arizona on October 21
- Norwegian experts used a well-known Android vulnerability to alter the apps
- They tweaked the Republican app so that it fundraised for Mr Biden, for example
- Meanwhile, they depicted the Democrat nominee as wearing a red MAGA cap
- The same weakness could be used to steal personal data, the experts warned
- Both Mr Trump’s twitter account and hotel chain have previously been hacked
The exposure of the vulnerabilities came just days after Mr Trump falsely claimed that ‘nobody get hacked’ during a campaign event in Tucson, Arizona, on Monday.
‘To get hacked you need somebody with 197 IQ and he needs about 15 per cent of your password,’ the President had continued.
Mr Trump’s comments — which experts branded ‘dumb’ — were made despite that fact that both his Twitter account and hotel chain have both previously been hacked.
Norwegian app security firm Promon used a well-known vulnerability in the Android operating system to add fakes screens to the two candidate’s election apps.
While their additions were comical — showing Mr Biden in a ‘MAGA’ cap and making Mr Trump’s app fundraise for his opponent — the exploit may be used maliciously.
For example, hackers can easily force vulnerable to prompt users into handing over sensitive information — such as usernames, passwords or even credit card details.
Scroll down for video
Security experts reported being able to ‘easily hijack’ the 2020 election apps of both US President Donald Trump and his opponent, Democrat Party nominee Joe Biden. The exposure of the vulnerabilities came just days after Mr Trump, pictured, falsely claimed that ‘nobody get hacked’ during a campaign event in Tucson, Arizona, on Monday
‘The President’s statement sadly reflects a widely believed sentiment that secure passwords will protect you from hackers and that hacking, in general, doesn’t affect the average citizen,’ said Promon Chief Technology Officer Tom Lysemose Hansen.
‘Sadly, this isn’t the case. Absolutely nothing is “unhackable” and even the most secure, high profile accounts are vulnerable should the user fall victim to a phishing attack which seeks usernames and passwords.’
‘The claim that “nobody gets hacked” is simply untrue and — given the influence of the President — can have dangerous impacts on the behaviour of hundreds of thousands of people, he added.
The nature of cybercrime is constantly evolving, Mr Lysemose Hansen warned — adding that malicious attacks often take advantage of current events, such as the US election, or prominent figures to maximise their chances of success.
He added that for ‘security-sensitive apps —such as banking or medical apps —implementing protocols that prevent spyware from spoofing or recording what happens on the app’s screen is crucial if developers are to [stop] hackers.’
Google — and similar operators of other online app and software stores — face ongoing challenges from hackers who aim to sneak their malicious programs onto user devices to secretly harvest sensitive and personally identifiable information.
Promon, however, have some tips to help you remain secure online.
‘We would advise that users always keep their devices up-to-date and running the latest firmware and that they only ever download apps created by trusted developers,’ Mr Lysemose Hansen said.
‘One way to check this is to see if the developer has created any other apps and check the reviews for any and all apps they have developed.’
Norwegian app security firm Promon used a well-known vulnerability in the Android operating system to add fakes screens to the two candidate’s election apps. While their additions were comical — showing Mr Biden in a ‘MAGA’ cap (right) and making Mr Trump’s app fundraise for his opponent (left) — the exploit may be used maliciously. For example, hackers can easily force vulnerable to prompt users into handing over sensitive information — such as usernames, passwords or even credit card details
The technical expertise required to hack the election apps was minimal, Mr Lysemose Hansen added — and certainly does not call for an IQ of 197.
‘Regardless of whether you are new to the world of hacking or are a world-leading security researcher, it is not difficult to hack these apps,’ he explained.
‘Due to this critical Android vulnerability being so well-known, hackers can easily hijack these apps and overlay fake screens.’
These, he added, ‘can depict anything the attacker wants, including screens that ask the user to hand over sensitive information, such as usernames and passwords.’
WHICH SMART HOUSEHOLD GADGETS ARE VULNERABLE TO CYBER ATTACKS?
From devices that order our groceries to smart toys that speak to our children, high-tech home gadgets are no longer the stuff of science fiction.
But even as they transform our lives, they put families at risk from criminal hackers taking advantage of security flaws to gain virtual access to homes.
A June 2017 Which? study tested whether popular smart gadgets and appliances, including wireless cameras, a smart padlock and a children’s Bluetooth toy, could stand up to a possible hack.
The survey of 15 devices found that eight were vulnerable to hacking via the internet, Wi-Fi or Bluetooth connections.
Scary: Which? said ethical hackers broke into the CloudPets toy and made it play its own voice messages. They said any stranger could use the method to speak to children from outside
The test found that the Fredi Megapix home CCTV camera system operated over the internet using a default administrator account without a password, and Which? found thousands of similar cameras available for anyone to watch the live feed over the internet.
The watchdog said that a hacker could even pan and tilt the cameras to monitor activity in the house.
SureCloud hacked the CloudPets stuffed toy, which allows family and friends to send messages to a child via Bluetooth and made it play its own voice messages.
Which? said it contacted the manufacturers of eight affected products to alert them to flaws as part of the investigation, with the majority updating their software and security.