The U.S. Presidential Elections will be held on November 3, 2020. The two candidates, President Donald Trump and Republican candidate Joe Biden are going head-to-head in many states, so much so that even the exit polls present uncertainties. The two have made many public appearances during their presidential campaigns to reach out to the masses and address their concerns. During one such campaign rally held in Tucson, Arizona, Trump sadly played down the grievousness of hacking, stating, “Nobody gets Hacked.” However, days later, Promon, a Norwegian cybersecurity firm, hacked both Trump and Joe Biden’s election apps to prove: “Everything can be hacked.”
“Nobody gets hacked. To get hacked you need somebody with 197 IQ and he needs about 15 percent of your password.”pic.twitter.com/6aR8yU2MVg
— Judy Ruliani (@mshelton) October 19, 2020
- At a campaign event in Tucson, Arizona on October 21, President Trump made a false claim that “Nobody gets Hacked.”
- Promon cybersecurity firm’s white hat hackers used a well-known Android vulnerability to alter President Trump’s and his rival Joe Biden’s election apps to show nothing is safe.
- Experts at Promon said that the same weakness could be used to steal personal data of app users.
- The claim shocked everyone as President Trump’s Twitter account and hotel chain have both been hacked previously.
What is the Vulnerability?
The white hat hackers at Promon were analyzing the election apps of the two candidates when they discovered that both apps were highly vulnerable to a known and critical Android vulnerability known as StrandHogg. This vulnerability allows malware gangs to hijack legitimate apps and perform malicious operations like phishing. In fact, the 2.0 version of this vulnerability enables cybercriminals to hijack nearly any app running on Android 9.0 devices and below. This further enables stealing of user credentials without any fuss.
Promon’s Chief Technology Officer, Tom Lysemose Hansen said, “The president’s statement sadly reflects a widely believed sentiment that secure passwords will protect you from hackers and that hacking, in general, doesn’t affect the average citizen. Sadly, this isn’t the case. Absolutely nothing is ‘unhackable’ and even the most secure, high profile accounts are vulnerable should the user fall victim to a phishing attack which seeks usernames and passwords.” He added, “The claim that ‘nobody gets hacked’ is simply untrue and — given the influence of the president — can have dangerous impacts on the behavior of hundreds of thousands of people.”
So, the bottom line of the entire episode is that “Everything can be hacked,”— yes, even POTUS apps and accounts. So no one should be complacent when it comes to their personal online cybersecurity.