Trump 2020 Campaign Exposed to Attack via App

Website Planet Security Team
Led by renowned cybersecurity analysts Noam Rotem and Ran Locar, our security research team recently discovered a security vulnerability in US President Donald Trump’s mobile campaign app.

The team discovered the keys to various parts of the app, including its Twitter API.

Trump App Data Exposed

The reelection app exposed the information below in the Android APK file:
  • Twitter Application keys and secrets
  • Google apps key
  • Google maps key
  • Branch.io (mobile analytics) keys

Impact

The “Official Trump 2020” app was developed for President Trump’s reelection campaign and is available for download on iOS and Android. The app’s code revealed keys and secrets, similar to usernames and passwords, that gave access to different parts of the app, such as its Twitter API.

While the exposed keys allowed access to many parts of the app, we concluded in our investigation that user accounts remained inaccessible through this vulnerability. We did not attempt to access any user accounts on the app, as we felt the initial vulnerability was sufficient to alert the Trump campaign.

We also concluded that an attacker would still need two additional keys (not exposed) to access any user account, including, potentially, President Trump’s.

However, a malicious hacker could still use the keys to impersonate the app, and much worse. For example, using the branch.io keys, hackers could potentially access app user and usage data.

Prevention

Vulnerabilities of this kind can easily be prevented with the implementation of more robust security practices. The app should not have revealed such sensitive information.

Simultaneously, any access keys should be secured, and secrets must never be exposed.

This exposure is significant, and the result of human error. It could easily have been avoided had the app’s development team followed stricter protocols.
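A release-time check for the kind of exposure described above, as an added example that is not from the original article or the app's developers: it scans a built APK for the key types listed earlier. The regexes, the `scan_apk` and `build_sample_apk` names, and the sample archive with placeholder values are assumptions of this example.

```python
import io
import re
import zipfile

# Heuristic patterns (assumptions of this example, not taken from the article).
PATTERNS = {
    "google_api_key": re.compile(rb"AIza[0-9A-Za-z_\-]{35}"),
    "branch_key": re.compile(rb"key_(?:live|test)_[0-9A-Za-z]{20,}"),
    # Twitter consumer keys have no fixed prefix, so flag the identifier name.
    "twitter_credential_name": re.compile(rb"(?i)twitter[\w.]{0,20}(?:key|secret)"),
}


def scan_apk(apk):
    """Return sorted (entry, rule, match) tuples for every hit inside the APK."""
    findings = set()
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            # Compiled resources may store strings as UTF-16; stripping NUL
            # bytes lets the same ASCII patterns match those as well.
            for blob in (data, data.replace(b"\x00", b"")):
                for rule, pattern in PATTERNS.items():
                    for m in pattern.finditer(blob):
                        findings.add((info.filename, rule, m.group().decode()))
    return sorted(findings)


def build_sample_apk():
    """Constructed sample: a zip holding fake, non-functional placeholder values."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        fake_google = ("AIza" + "X" * 35).encode("utf-16-le")  # UTF-16 string pool
        zf.writestr("resources.arsc", b"twitter_consumer_secret\x00" + fake_google)
        zf.writestr("assets/config.json", '{"branch": "key_live_' + "a" * 24 + '"}')
        zf.writestr("classes.dex", b"MainActivity")  # clean entry, no findings
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, rule, match in scan_apk(build_sample_apk()):
        print(f"{entry}: {rule}: {match[:12]}...")
```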

Status

As soon as we understood the vulnerability completely and the potential damage it could cause, we reached out to the campaign app’s team on the same day and informed them of the exposure. This included contacting some people on the Trump team directly. Their InfoSec replied within a few hours and we shared the details of the vulnerability with them.

A fix was released within a few days.

What is Website Planet?

Website Planet stands as the foremost authority for web designers, developers, digital marketers, and entrepreneurs with an online presence. We provide valuable tools and resources for individuals ranging from beginners to seasoned professionals. Our commitment to integrity and honesty is a source of pride for us.

Our ethical security research team discovers and discloses some of the most impactful data leaks as a free community service we perform for the web at large.
