Slashdot Mirror


Symantec: Cruz and Kasich Campaign Apps May Expose Sensitive Data (go.com)

An anonymous reader writes: Apps released by the campaigns of Republican presidential contenders Ted Cruz and John Kasich have the potential for hackers to access users' personal information. According to an independent analysis by Symantec, the "Cruz Crew" app could allow third parties to capture a phone's unique identifying number and other personal information while the Kasich 2016 app could expose users' location data and information about other apps installed on the phones. First it was Veracode that reported potential vulnerabilities with the apps, now it's Symantec. Apparently the Cruz campaign updated its app to resolve the issues after the Veracode report was released. Kasich spokesman Rob Nichols said the security experts didn't know what they were talking about. Both campaigns have yet to respond to the latest Symantec analysis. Neither security firm found any issues in the app released by the campaign of Democrat Bernie Sanders. Republican Donald Trump and Democrat Hillary Clinton do not have campaign apps.

32 comments

  1. Campaign app? by tomhath · · Score: 3, Interesting

    Does anyone actually install those things? I can't think of any reason I would want one on my phone.

    1. Re:Campaign app? by Crashmarik · · Score: 3, Informative

      If you are a campaign volunteer they are very useful. I have seen apps used to coordinate events, telephone trees and canvassing.

    2. Re:Campaign app? by TheGratefulNet · · Score: 2

      whatsamatter? email, all of a sudden, stopped working?

      sheesh!

      every app is a security question: and since you almost never get source and even when you do, it may not be the actual source. why install apps that are not truly necessary?

      I never understood the urge to install everything in sight. I guess I'm just old, I guess. that, or I have a reasonable understanding of security. ("why not both?")

      --
      "It is now safe to switch off your computer."
    3. Re:Campaign app? by ShanghaiBill · · Score: 3, Insightful

      whatsamatter? email, all of a sudden, stopped working?

      sheesh!

      Email is not a good tool for event management. Messages are not synchronized, and people read and reply out of order. The process starts to fall apart when you go beyond about six people.

    4. Re:Campaign app? by Aighearach · · Score: 1

      That's why each campaign hires software consultants to write them a custom app that they can "trust."

    5. Re:Campaign app? by jellomizer · · Score: 2

      Depending on you are in the late 1990 early 2000 old school you believe in the idea of using generic tools to do your work. Which trades off efficiency of the task on hand with the ability to work with a well maintained system.
      Late 2000s to today we are liking the idea of more custom solutions to our tasks so we can do what we need more effectively and easier. At the expense of having less maintained system.
      Today's app and cloud concept is more akin to the old PC program and mainframe of the mid 1980's. However today we have the ability to make far more reliable apps (due to less system limitations) and servers can scale much easier.

      It isn't about smart vs stupid or old vs new it is about choosing which trade offs you are willing to risk for the reward. And as technology advances these trade offs change.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    6. Re:Campaign app? by sabbede · · Score: 3, Insightful

      Is that what these apps are for? Seems to me you'd want special purpose-built and private apps for campaign volunteers to help with all that, and a separate, mostly useless app for supporters. I'd think the latter would be little more than a frontend for media feeds.

      I wonder if there's a company making a basic, non-partisan, campaign volunteer app that can be used (and branded) for any campaign that signs up. Instead of each campaign writing its own, write one great one and sell it to everyone. Charge the campaign a per-user fee, so it's affordable for any size campaign, and an extra fee for branding because big campaigns will want it and be able to pay extra.

      Is that how it works now, or has the market not recognized the opportunity?

    7. Re:Campaign app? by Anonymous Coward · · Score: 0

      Does anyone actually install those things? I can't think of any reason I would want one on my phone.

      On a phone, no, on a tablet, maybe. But since I support Trump, it's not an option

  2. Is this newsworthy? by Okian+Warrior · · Score: 1

    An app could leak your private information.

    Is this newsworthy? Are these apps somehow more interesting or important than all the other apps that leak info?

    This doesn't tell us *anything* about Cruz or Kasich. Even the Kasich spokesman saying that experts "don't know what they're talking about" isn't particularly interesting, it tells us nothing about Cruz or Kasich, and shouldn't be paraded around as yet another reason that this-or-that campaign is defective.

    I don't know why these specific apps are called out, except that they somehow relate to the candidates.

    Would someone like to report what those candidates politically stand for?

    That would be interesting.

    1. Re:Is this newsworthy? by fustakrakich · · Score: 1

      I don't know why these specific apps are called out...

      Um, I think the story is about Symantec

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Is this newsworthy? by ShanghaiBill · · Score: 1

      This doesn't tell us *anything* about Cruz or Kasich. Even the Kasich spokesman saying that experts "don't know what they're talking about" isn't particularly interesting, it tells us nothing about Cruz or Kasich

      Yes, it tells us a lot. A president's most important task is to surround himself with competent people. Cruz and Kasich have both failed that test.

  3. TRUMP 2016 by Anonymous Coward · · Score: 0

    Trump won't leak your personal information. Vote for Trump!

    1. Re:TRUMP 2016 by rmdingler · · Score: 1

      Neither security firm found any issues in the app released by the campaign of Democrat Bernie Sanders. Republican Donald Trump and Democrat Hillary Clinton do not have campaign apps.

      By this measure alone, the Clinton candidate is your equal, and the Sanders candidate is your superior.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

  4. superdoof K by harvey+the+nerd · · Score: 1

    John "karate chop" Kasich typically doesn't know what he's talking about. Remember his screeches, stupidity and long boring interruptions in the 2015 debates?

  5. If symantec had any cred at all by Revek · · Score: 1

    They don't though. People buy their product and when they have trouble they call in and get transferred to some non-English-speaking country, where the scammers they employ get remote access to the computer and create the sense the machine needs more work. Crappy tactics like filtering the event viewer to only show critical errors. When they get done, nine times out of ten the customer has spent an extra 300 bucks and their machine is usually more hosed than it was. So what Symantec thinks about security isn't worth knowing.

  6. Re:I fail to see by CajunArson · · Score: 1

    I see your sig is taken from the official Bernie Sanders campaign manifesto. Too bad he doesn't understand the meaning of the word irony.

    --
    AntiFA: An abbreviation for Anti First Amendment.
  7. Well, the news did say they were teaming up by fustakrakich · · Score: 1

    I guess this is just part of the deal. All the other campaigns might not be spilling data, but you can be sure they are collecting, so be sure to vote "correctly"...

    --
    “He’s not deformed, he’s just drunk!”
  8. Zodiac by PopeRatzo · · Score: 1, Flamebait

    How could you not trust an app from this man?

    https://media.salon.com/2013/1...

    --
    You are welcome on my lawn.
    1. Re:Zodiac by geoskd · · Score: 1, Offtopic

      How could you not trust an app from this man?

      I have to fight the urge to hit that man, never mind trust him. He looks like the kind of scum you would expect to find selling lemons on a used car lot...

      --
      I wish I had a good sig, but all the good ones are copyrighted
    2. Re:Zodiac by PopeRatzo · · Score: 1

      I have to fight the urge to hit that man, never mind trust him.

      That is absolutely everyone's reaction to Ted Cruz. It's really uncanny.

      All kidding aside, I'm not completely comfortable with having as a president who will have to deal with foreign leaders someone who everyone just wants to punch in the face on sight.

      --
      You are welcome on my lawn.
  9. well that's what they get by supernova87a · · Score: 2, Insightful

    For employing faith-based coding and security practices!

  10. Kasich's Team Response? by Fnord666 · · Score: 2

    Kasich spokesman Rob Nichols said the campaign's staff reviewed Veracode's analysis and did not find it credible.

    "Your firm doesn't understand our product," Nichols said. "They don't know what they don't know."

    Asked for details of what the campaign felt was in error, Nichols replied: "I'm not a tech person."

    Seriously? Anyone who has Kasich's app installed should uninstall it immediately.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  11. You can't call that campaign by Trachman · · Score: 0

    You can't call Kasich's performance a campaign.

    It is a deli tour. I sincerely think that Governor Kasich is in a race because of the free food that they can get.

    1. Re:You can't call that campaign by sabbede · · Score: 1

      HAH! That's a good one!

      Realistically though, I think he's hoping that at a brokered convention he'll be the one to end up with the nomination because he's the only one not hated by large chunks of the party.

      Your idea is funnier though.

  12. Re: I fail to see by Anonymous Coward · · Score: 0

    So because you don't like someone or their religious beliefs, it's okay for their data to be compromised? Go fuck yourself, asshole. I hope your personal information is compromised and posted daily on Slashdot for anyone to steal your identity. Motherfucker.

  13. Maybe I'm "jaded".... by Frosty+Piss · · Score: 3, Informative

    According to a corrupt and dying so-called "anti-virus" company that sells a piece of malware to unsuspecting luddites, there COULD be a problem with some political app...

    I would probably agree that such apps are poorly written and may very well be suspect. But Symantec doesn't rate high in my books as a "reliable source".

    My guess is that they have a product that will take care of this issue.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Maybe I'm "jaded".... by UnknowingFool · · Score: 1

      Hastily built apps having poor security is probably the norm for all these candidate apps. I don't see Symantec being wrong about their security (notwithstanding their poor reputation). After all, the quality of these apps is a fine example to "Amercia".

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  14. Hillary's App by Anonymous Coward · · Score: 0

    ...would be the most secure of all because it would be run from a private server in a basement somewhere.

  15. Regression by bretts · · Score: 1

    Today's app and cloud concept is more akin to the old PC program and mainframe of the mid 1980's.

    And in a similar way, it takes power away from the individuals and transfers it to those who own the mainframes, er... "cloud servers." Wonder if it's a response to Open Source?

    1. Re:Regression by jellomizer · · Score: 1

      Most cloud systems have an Open Source back end. I don't think it is a response to it. It is more due to the fact that it is cheaper to get faster network connections than cheaper hardware.

      Back in the 1980s a million dollar mainframe could handle about a thousand users, and dumb terminals with 9600bps serial connections to dumb terminal costing about a grand were cheaper than giving a thousand people PC's for $5,000 (that price allowed them to be powerful enough to handle the work).
      In the 1990's PC prices for good enough systems fell within the $2,000 range. Making it cheaper for people to have PC's to do their work, perhaps connecting to $100,000 servers, over 10mbs network.
      In the 2000's the rise of PC hardware servers with cheaper OS (Linux/Windows) with the combination of Internet speeds well above 5mbs allowed for more work to go the servers again.
      2010's Mobile devices with low power and network speeds over 10mbs and still the cheaper servers now setup with a Cloud configuration to better handle utilization made most of the processing back on the server.
       

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  16. How brands decay by bretts · · Score: 1

    Symantec is a recognized and trusted name. Cynical people take such names and replace the original product with a scam, then trade on the name and earn short-term wealth, burning out the value of the name. This seems to me to be the reason why there are so few trusted companies that last more than a couple decades.