Gallup blocks security flaw which could have led to fake polling data
Researchers at Checkmarx recently identified critical cross-site scripting (XSS) vulnerabilities on the website of polling firm Gallup which they say could have been used by malicious actors to gain access to the survey company’s platform.
The research notes XSS is a vulnerability that might enable attackers to gain ‘full control over an application’s functionality and data’, especially if the impersonated user has been granted special access.
By allowing the execution of arbitrary code, the vulnerability could even have given threat actors the ability to add unauthorized items to users’ shopping carts (as the site also sells customizable surveys and books).
Misinformation risk
The vulnerabilities were discovered in June 2024 and have since been resolved, but at a time when reliable and safe information is so vital, especially relating to political opinion, the consequences of the flaw could have been dire. It is possible a malicious actor could have posted false polling results or information to the site, the Checkmarx team confirmed.
“In an era where misinformation and identity theft pose significant threats, the security of survey platforms is crucial, particularly during pivotal global election cycles,” the report notes. “It’s important to note that this endpoint is commonly used to access Gallup surveys, which may make users more susceptible to exploitation.”
The 2024 election cycle has seen particularly high rates of misinformation and election interference attempts, so it’s important for firms with influence or prominence to ensure security on their sites to keep information safe.
Web defacement is a relatively common tactic hackers use to spread their message or embarrass site owners, but in this case the information could easily have been disguised as legitimate, with the intention of swaying voters. In a remarkably close election race, swing state votes in particular are impactful, so any potential vulnerabilities should be closely monitored.