Tech

Senior Tory MPs’ phone numbers exposed in Conservative Conference app flaw

A major security flaw in the official Conservative Party Conference app has been uncovered, which allowed anyone to access and change the personal details of ministers, MPs and all other attendees.

The app did not require a password to access attendees’ accounts, making it possible to access the email addresses and mobile phone numbers of Chancellor Philip Hammond and former foreign secretary Boris Johnson.

Anybody could type in an attendee’s email address – MP’s are available on the parliament website – to access their profile.

Sky News has found that it was also possible to change the photos and details of cabinet members, MPs, journalists and local councillors attending conference in Birmingham.

Environment secretary Michael Gove’s picture was reportedly changed to one of Rupert Murdoch, and his email to a fictional Sun newspaper address.

Image:
Chancellor Philip Hammond was also affected by the security flaw

It raises questions over whether the app breaches data protection policy.

The security flaw, which happened as Tory Party members arrived at conference for its first day, has now been fixed.

Events technology company Crowd Comms created the app, with the terms and conditions directing users to the firm’s offices in Australia.

The app’s privacy policy states that it “complies with…the European Union’s General Data Protection Regulation (GDPR)”.

A Conservative Party spokesman said: “The app has been taken offline while we resolve the issues with the app.”

Sky News political editor Faisal Islam was among those who could easily be searched, and his details made available.

It also was possible to change the photos of journalists - including Sky's political editor
Image:
It also was possible to change the photos of journalists – including Sky’s political editor

Jon Craig, Sky News’ chief political correspondent, at conference, said: “We haven’t even started the conference yet and they’ve had a blunder.

“Last year, at the end of conference, the letters fell down on the set behind the prime minister as she spoke.

“People are just arriving, the Tory party chairman only arrived in the past hour – he seemed quite confident there wouldn’t be any blunders.

“But just minutes after I finished speaking to him, this happened.

“They seem to have dealt with it pretty quickly, but potentially very serious indeed.

“We’re surrounded by enormous security, bag checks, you can’t bring a bottle of water in, there are thousands of police and here we have a blunder on the Tory Party’s own app.”

Jon Trickett, Labour’s shadow minister for the Cabinet Office, said: “How can we trust this Tory Government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe and secure?

“The Conservative Party should roll out some basic computer security training to get their house in order.”


Source link

Tags
Show More

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Close