United States President Donald Trump’s 2020 Presidential Campaign App leaked Twitter App keys and secrets, Google apps and maps keys and Branch.io keys
It’s June 2020 and the election jamboree in the United States has started picking up. The U.S. Presidential elections are to be held in 2020 and President Donald Trump is seeking a second term while Democrat candidate, Joe Biden is his challenger.
In the meantime, a team of researchers has found a security vulnerability in President Trump’s mobile campaign App for Android called Official Trump 2020 App. The research team led by Noam Rotem and Ran Locar from Website Planet found that the App revealed President Trump’s Twitter application keys and secrets, Google apps, and maps keys and Branch.io keys.
The researchers unpacked the Official Trump 2020 App and found that they could easily access the exposed keys and secrets. These keys and secrets if exploited could have given any potential hacker access to the app’s Twitter API and other parts of the app.
While the exposed keys allowed access to many parts of the app, we concluded in our investigation that user accounts remained inaccessible through this vulnerability. We did not attempt to access any user accounts on the app, as we felt the initial vulnerability was sufficient to alert the Trump campaign.
Website Planet blog post.
The researchers said if the exposed data was exploited, the potential hacker would need two additional keys to access accounts of Trump or any other user. “However, a malicious hacker could still use the keys to impersonate the app, and much worse,” the researchers said. “For example, using the branch.io keys, hackers could potentially access app user and usage data.”
The Website Planet team alerted President Trump’s campaign team who patched the App a few days later. It is not known whether anybody other than the researchers have could have accessed the exposed data earlier.