Trump and Biden campaign applications use easy targets for cyber criminals

US President Donald Trump can be trusted that no one will be hacked, and you need “someone with a 197 IQ” and “about 15% of your password” to hack, but using his official propaganda now vulnerable Android Vulnerability that can be used to spread misinformation – and his rival Joe Biden’s fee is no better.

Trump’s latest misrepresentations, This is ridiculous throughout the industry, Prompted researchers in the Norwegian mobile security system Broman To investigate U.S. election campaign applications, during its analysis, it was found that both Trump’s use and Biden’s were vulnerable to Strandhawk.

Strandhawk – the old Norse word for Viking riding trick – was there first Identified in Broman Last year. The device’s microphone allows vulnerable malware to show proper use and allows cybercriminals to access SMS messages, photos, account credentials, location data, make and record phone calls, and board cameras and activate if successfully exploited on the infected device. Stronghawk 2.0, the most dangerous version Identified in May 2020.

The claim that “no one is being hacked” is simply false, and the president’s influence could have dangerous repercussions on the behavior of hundreds of thousands of people, “said Tom Lycemos Hanson, chief technical officer of Broman.

“If the President of the United States does not believe that cyber attacks are a serious problem, why should the average user take action to protect themselves? Unfortunately, cybercrime continues to develop and malicious attacks are not normal. Tied to current affairs Make sure they are visionary and timely.

“The president’s statement unfortunately reflects the widely believed feeling that passwords will protect you from hackers and that hacking in general will not affect the average citizen,” he said. “Unfortunately, this is not the case. If the user falls victim to a phishing attack that seeks out useless names and passwords, of course nothing is ‘uncountable’, and even the most secure, top-level accounts are vulnerable. ”

In the case of Trump and Biden campaign applications, vulnerability allows hackers to hijack the app and overlay a fake screen that can depict anything the attacker wants, including requests to hand over personal data.

In the source of the comment video, Broman outlined the screen and Trump’s use of inviting users to donate to the Biden campaign via the Act Blue fundraising site, and Biden’s use of the screen depicting the Democratic nominee in the Mac America Great Again hat.

“We hope users always keep their devices up-to-date and running the latest firmware, and they will always download only apps created by trusted developers,” Hansen said. “One way to check this is to see if the developer has created any other applications and check reviews for any and all applications they have created.

“While these two applications do not contain sensitive data or personally identifiable information, it is important for developers to prevent hackers from targeting users if other security-sensitive applications (such as banking or medical applications) are prevented from cheating or implementing protocols that record what is happening on the application’s screen. ”

Google has acknowledged the critique of Stronghawk 2.0 – which has been officially commissioned CVE -2020-0096 – and sent a link to the victim In the Android security update Released in May. Users of Android devices who have not yet used this link have put their personal data and security at risk and should do so immediately.

It is worth noting that Stronghock version 2.0 is particularly dangerous because it can be installed by dropper apps or hostile downloaders distributed via the Google Play Store. So Android users should be careful while installing new apps Despite Google’s best efforts, Malicious applications will still crash through the screening process on a regular basis.

Leave a Reply

%d bloggers like this: