Tory party conference app with ZERO login security hacked by pranksters

happygeek 0 Tallied Votes 1K Views Share

Guardian newspaper columnist Dawn Foster posted images on Twitter this weekend showing how she was able to login to the official Conservative party conference app as Boris Johnson, until recently the UK Foreign Secretary. Not only was there no password required to login to the app, all that was required was an email address, but once in all the details of user registration were accessible. So, in the case of Alexander Boris de Pfeffel Johnson (yes, that is his real name) that meant contact details such as his mobile phone number. It also meant that the logged in user could then post messages and comments in the account holders name.


The Conservative party issued a statement on Saturday which apologised for "any concern caused" and confirmed that "the technical issue has been resolved and the app is now functioning securely." However, not before Boris Johnson's profile image had been changed to a pornographic one and that of Environment Secretary, Michael Gove, swapped for a picture of Rupert Murdoch. Some ministers, and other MPs, apparently reported receiving nuisance calls following the app breach.

The Information Commissioner's Office has confirmed that it is investigating the incident, and bite the Tories with a large fine. Under the EU General Data Protection Regulation (GDPR), which the app stated it complied with in it's privacy policy, that could be in the millions.


You may well think that this particular breach is somewhat small fry, rather than big fish, in terms of the numbers of people and type of data exposed. And you'd be right, were it not that some of the people whose details have been shared online are very big fish indeed within the Conservative party and the UK Government. This means that the political fallout could be more problematical than the regulatory financial consequences. Especially when you consider the push for more regulation of social networks, law enforcement access to encrypted to data and the like, from the direction of, erm, the Tories. One has to wonder how they are proposing to keep all the data collected by increased snooping powers safe when they cannot even secure a relatively simple, and distinctly small, thing as a conference app.


JamesCherrill 4,577 Most Valuable Poster Moderator Featured Poster

Does logging in to a system that requires no password count as "hacking"?

rproffitt 2,339 "Nothing to see here." Moderator

A funny hack would be to change all the attendee photos to Boris Yeltsin. Well that would have been a hoot.

I can share that the few encounters with political parties is they tend to be cheap when it comes to web works. It shows at times.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Does logging in to a system that requires no password count as "hacking"?

You may well have a point there ;-)

Reverend Jim 3,956 Hi, I'm Jim, one of DaniWeb's moderators. Moderator Featured Poster

Does logging in to a system that requires no password count as "hacking"?

There was a case a while ago where two men discovered that they could manipulate a video poker machine by pressing buttons in a very specific sequence. They were charged with hacking when they won a pile of money but their lawyer successfully argued that they were legally entitled to press the buttons in any sequence they wanted.

alan.davies 185 What's this?


This post has no text-based content.
Reverend Jim commented: Quit clowning around ^_^ +15
rproffitt commented: Ah, our recent political convention. +15
happygeek commented: Boris and Rees-Mogg? +16
pty 882 Posting Pro

And these clowns want companies to add backdoors and to circumvent encryption. I hope the GPDR gives them a nice kick up the arse while we embarrass ourselves on the world stage by leaving the EU.

rproffitt commented: Sounds like The Clash to me. +15
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.