- The hackers can access information such as political opinion, social contacts, demographic data, telephone numbers, and physical addresses.
- Besides the Lukid app, researchers also found flaws in the Labor app.
Serious security flaws in Likud, Labor party Android app, can allow hackers to access the data of Likud party members and their highly sensitive information. The data comes to the light when various parties are prepping up for upcoming internal election to be held on April 9, 2019.
What’s the matter - Researchers from Check Point examined the apps offered by three political parties - Likud, Labor, and the Yashar - and found that Likud is vulnerable to several crucial flaws. The flaws could grant hackers access to the personal details of the party members.
The information that can be accessed includes political opinion, social contacts, demographic data, telephone numbers, and physical addresses. This data can be of great use for hackers in cyberspace. In addition to this, the app also revealed the whole list of Likud members and their credit card numbers.
How the data can be accessed - Lotem Finkelstein, the head of the threat intelligence desk at Check Point, explained that the hack can be accomplished just by knowing the phone number of a person with the Likud app. Furthermore, he noted that the data on the app’s server was not encrypted and stored in a plain text.
What about the Labor app - Besides Lukid app, the Check Point researchers also found flaws in the Labor app, The Times of Israel reported. The bugs could enable the Labor party operators to access the entire contact list of the person who has downloaded the app. Once collected, the operator can send the information back to the server. However, this is possible only on Apple iOS devices as the app violates Apple’s privacy agreements.
What actions have been taken - Following the discovery of flaws, Check Point has alerted Israel’s Privacy Protection Authority. The researchers have also alerted the parties about these vulnerabilities. The Likud party has addressed the issue immediately and confirmed that there was no damage to the data of their party members.