National: Trump and Biden campaign apps easy targets for cyber criminals | Alex Scroxton/Computer Weekly
US president Donald Trump may seem to believe nobody gets hacked, and that to get hacked you need “someone with 197 IQ” and “about 15% of your password”, but his official campaign app is right now vulnerable to an easy-to-exploit Android vulnerability that could be used to spread misinformation – and his rival Joe Biden fares no better. Trump’s latest false pronouncements, which attracted derision across the industry, prompted researchers at Norwegian mobile security outfit Promon to investigate the US election campaign apps, and during its analysis, it found both Trump’s app and Biden’s are vulnerable to StrandHogg. StrandHogg – an old Norse word for a Viking raiding tactic – was first identified at Promon last year. The vulnerability allows malware to pose as a legitimate application and if successfully exploited on a victim device enables cyber criminals to access SMS messages, photos, account credentials, location data, to make and record phone calls, and to activate on-board cameras and the device’s microphone. StrandHogg 2.0, a more dangerous version, was identified in May 2020.