For the first time in United States election history, hacking has been an almost daily part of the news cycle. Hillary Clinton’s campaign manager, John Podesta, had his phone and email hacked, allegedly by Russia, and then WikiLeaks has been releasing those emails on a near-daily basis. As a result, there has been a lot of talk about cyber security and the potential for election fraud.
The good news for the American populace is that widespread, systemic election fraud would be very difficult to accomplish, because each county has a lot of freedom to decide how their residents vote. That means that there is no centralized system a single entity could hack. That’s the good news. The bad news is that a lot of voters are still at risk to mobile security threats, but not in ways they might think. Let me explain.
This election has produced huge levels of emotion from people supporting their candidates and causes largely driven by social media, wall-to-wall cable coverage and poll frenzies. Passionately supporting a candidate or party is what makes democracy great, but it is also something cyber attackers are actively seeking to exploit. They know that when people are emotional, they are impulsive.
This, to cyber attackers, is a gold mine, which could manifest itself in ways which normal voters might not have thought of. To help our country’s voters stay mobile-safe during this election cycle, here are three potential mobile threats to consider:
- Free (and fake) Campaign Rally Wi-Fi: Let’s say you’re at your preferred candidate’s rally. You’re having a blast and enjoying the electricity that’s in the air. You snap a great picture of your candidate speaking and you want to post it- but not using your data plan which is maxed out. You browse the available Wi-Fi networks and find an open one that clearly supports your candidate. Maybe it’s named “Trump4Pres” or “ImWithHerWIFI”. You quickly join it, log in to Facebook, post your picture, and pop the phone back in your pocket without thinking twice.Unfortunately, people should absolutely think twice. A campaign rally is a prime spot for cyber attackers to setup a fake Wi-Fi network. They know it will have lots of people who are distracted and energized in attendance, and are sure to capture a few unsuspecting voters. In fact, looking at some of the key battleground states, Skycure research has detected 3,346 malicious network events in Florida, 594 in Nevada, 548 in Virginia, and 431 in Pennsylvania. That’s almost 5,000 malicious network incidents in just 4 key battleground states! Could some of these have occurred at a campaign rally? Absolutely.
- Fun (but malicious) election mobile games: Maybe you’re not into the election enough to go to a rally, but maybe you’re willing to have a little fun at your opponent’s expense via a fun game on your mobile device. There are no shortage of these in the app store, whether you’re looking for “Punch the Trump” which has been downloaded over 1,000,000 times or others like “Whack-a-Hillary”, “Trump’s Wall – Build it Huge”, or “Hillaroids”.While these games may be fun and help voters blow off some steam at the expense of their opponent, that doesn’t mean they’re safe. To date, these games have not been found to host malicious software, but this theme isn’t unheard of. Just one month ago it was found that over 400 apps in the Google Play Store were infected with malware called DressCode. This malware allowed cyber attackers to eavesdrop on users and take control of their devices for anyone who installed these apps. One of the most popular apps that was targeted was “Mod GTA 5 for Minecraft”, which targeted players of the hugely popular game Minecraft.
- Official-looking (but unofficial) campaign websites: Today’s candidates are notoriously bad at not buying the right domain names for their campaigns. For example, during the Republican primaries, Jeb Bush failed to register JebBush.com, which was then purchased by a Trump supporter and routed to DonaldJTrump.com. While JebBush.com should have been scooped up by Jeb’s team, it is fair to say that there are too many domain name combinations for any one candidate to think of and purchase.As a result, there are plenty of homegrown candidate pages that are unaffiliated (at best) with their candidate, or potentially malicious (at worst). It wouldn’t be hard at all for a cyber attacker to register HillaryRocks.com or TrumpForPrez.com, clone the HTML from the candidate’s official page, and then setup new forms to capture people’s contact and credit card information from anyone who bypasses the SSL Certificate or malicious page warnings. The user thinks they’re donating to their candidate, but really they’re donating their personal information to an attacker.
As you can see it is not unheard of- in fact, it is the norm- for cyber attackers to find things which users are passionate about, and then use that passion to bait them into using one of their exploits. This election is no exception, so we encourage all voters to exercise due diligence when using their mobile device in their election efforts.
If you’re looking to proactively beef up security on your own mobile device, be sure to install the Skycure mobile app (iOS download, Android download) which protects you from the types of exploits we discussed above. And, if you’re an IT professional looking to proactively defend your end users from threats like this, be sure to read more on Skycure’s Mobile Threat Defense enterprise solution or watch some of our media coverage on networks like CNBC, Fox, ABC, and more.
And, of course, no matter who you support in this election please remember to go out and vote on November 8th!