Security experts reported being able to ‘easily hijack’ the 2020 election apps of both US President Donald Trump and his opponent, Democrat Party nominee Joe Biden.
The exposure of the vulnerabilities came just days after Mr Trump falsely claimed that ‘nobody get hacked’ during a campaign event in Tucson, Arizona, on Monday.
‘To get hacked you need somebody with 197 IQ and he needs about 15 per cent of your password,’ the President had continued.
Mr Trump’s comments — which experts branded ‘dumb’ — were made despite that fact that both his Twitter account and hotel chain have both previously been hacked.
Norwegian app security firm Promon used a well-known vulnerability in the Android operating system to add fakes screens to the two candidate’s election apps.
While their additions were comical — showing Mr Biden in a ‘MAGA’ cap and making Mr Trump’s app fundraise for his opponent — the exploit may be used maliciously.
For example, hackers can easily force vulnerable to prompt users into handing over sensitive information — such as usernames, passwords or even credit card details.
Scroll down for video
Security experts reported being able to ‘easily hijack’ the 2020 election apps of both US President Donald Trump and his opponent, Democrat Party nominee Joe Biden. The exposure of the vulnerabilities came just days after Mr Trump, pictured, falsely claimed that ‘nobody get hacked’ during a campaign event in Tucson, Arizona, on Monday
‘The President’s statement sadly reflects a widely believed sentiment that secure passwords will protect you from hackers and that hacking, in general, doesn’t affect the average citizen,’ said Promon Chief Technology Officer Tom Lysemose Hansen.
‘Sadly, this isn’t the case. Absolutely nothing is “unhackable” and even the most secure, high profile accounts are vulnerable should the user fall victim to a phishing attack which seeks usernames and passwords.’
‘The claim that “nobody gets hacked” is simply untrue and — given the influence of the President — can have dangerous impacts on the behaviour of hundreds of thousands of people, he added.
The nature of cybercrime is constantly evolving, Mr Lysemose Hansen warned — adding that malicious attacks often take advantage of current events, such as the US election, or prominent figures to maximise their chances of success.
He added that for ‘security-sensitive apps —such as banking or medical apps —implementing protocols that prevent spyware from spoofing or recording what happens on the app’s screen is crucial if developers are to [stop] hackers.’
Google — and similar operators of other online app and software stores — face ongoing challenges from hackers who aim to sneak their malicious programs onto user devices to secretly harvest sensitive and personally identifiable information.
Promon, however, have some tips to help you remain secure online.
‘We would advise that users always keep their devices up-to-date and running the latest firmware and that they only ever download apps created by trusted developers,’ Mr Lysemose Hansen said.
‘One way to check this is to see if the developer has created any other apps and check the reviews for any and all apps they have developed.’
Norwegian app security firm Promon used a well-known vulnerability in the Android operating system to add fakes screens to the two candidate’s election apps. While their additions were comical — showing Mr Biden in a ‘MAGA’ cap (right) and making Mr Trump’s app fundraise for his opponent (left) — the exploit may be used maliciously. For example, hackers can easily force vulnerable to prompt users into handing over sensitive information — such as usernames, passwords or even credit card details
The technical expertise required to hack the election apps was minimal, Mr Lysemose Hansen added — and certainly does not call for an IQ of 197.
‘Regardless of whether you are new to the world of hacking or are a world-leading security researcher, it is not difficult to hack these apps,’ he explained.
‘Due to this critical Android vulnerability being so well-known, hackers can easily hijack these apps and overlay fake screens.’
These, he added, ‘can depict anything the attacker wants, including screens that ask the user to hand over sensitive information, such as usernames and passwords.’