Login

Register

Login

Register


An election app used by Israel’s Likud party has leaked the personal information of all of the country’s voters, it has emerged.

Developed and managed by a company called Feed-b, the Elector app is used by prime minister Netanyahu’s party to contact voters with news and updates.

However, serious security and privacy concerns have swirled in Israeli media about the app, before researcher Ran Bar-Zick decided to take a look.

He found serious security deficiencies that exposed the full names, identity card numbers, addresses, phone numbers, gender and other personal details of every eligible voter in Israel.

According to Bar-Zick, all a visitor to the app’s home page would need to do is right click and choose “view source” to expose the underlying code, which reveals all admin usernames and passwords. Entering these would allow an attacker to log in as admin and download the entire voter registry.

The problem stemmed from an API endpoint which was left exposed without a password, and a lack of two-factor authentication throughout the site.

Feed-b claimed it was a “one-off incident that was immediately dealt with.” However, there are concerns that the app also breaches privacy laws because it allows users to also add information including phone numbers on friends and family members whom they believe may vote for Likud.

It’s unclear whether any cyber-criminals or nation state hackers managed to take advantage of the leaky app before the security issue was addressed. The personal details of Israeli lawmakers, military and other VIPs would be of significant interest to many Middle East rivals.

The irony is that Israel prides itself on the quality of its computer engineers. It has a thriving cybersecurity industry, with many companies spun out of former military projects.

Netanyahu himself has boasted in the past that the state’s cyber-spooks have managed to help allies foil numerous terror plots thanks to their signals expertise.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


Ads

NATIONAL CYBER SECURITY RADIO

Ads

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW