MAGA App Dev Mad After Security Snafu

The developer of an app for US conservatives has hit out at a researcher who exposed fundamental security shortcomings that put users at risk.

The individual, who goes by the name Elliot Alderson on Twitter and claims to be a French security researcher, was quick to take down the 63red Safe app launched over the weekend.

The Yelp-like app makes promises about “keeping conservatives safe” by showing listings for shops and restaurants which are supposedly MAGA-friendly.

However, the app itself was found to be far from safe for its users.

Alderson revealed that the developer had hard-coded his credentials into the app's code and added no authentication to the APIs used to retrieve data from its server.

This meant the researcher was able to retrieve information on all users who had signed up, including profile picture, username, ID and email address. He claimed that just 4466 people had signed up, as of Tuesday.

By exploiting the same exposed APIs, the researcher was able to perform other tasks, such as blocking users.

However, the app’s developer and founder Scott Wallace has reacted badly to this public security disclosure.

“We see this person’s illegal and failed attempts to access our database servers as a politically-motivated attack, and will be reporting it to the FBI later today,” he said in a blog post.

“We hope that, just as in the case of many other politically-motivated internet attacks, this perpetrator will be brought to justice, and we will pursue this matter, and all other attacks, failed or otherwise, to the utmost extent of the law. We log all activity against all our servers, and will present those logs as evidence of a crime.”

For the record, Alderson, who shares his name with the fictional character from TV show Mr Robot, has previously exposed security issues with right-wing mobile apps.

Back in October he revealed how the Donald Daters app had leaked its entire database of users on launching.