i24NEWS - Pro-Israel app found to have major security flaws for users


A programmer attends a hacking challenge in Meudon, west of Paris, on March 16, 2013
Thomas Samson (AFP/File)
With the exposed email addresses, hackers can deliver malware or obtain passwords through spear-phishing

An application developed by the Israeli government to defend Israel against anti-Israel incitement and BDS as well as promote the Jewish state has been found to put its users at risk by failing to implement basic privacy and security protections and exposing certain user information, according to a report by the Intercept.

An independent security researcher disclosed the Act.il app’s vulnerabilities to the Intercept, finding that the email addresses of at least 1,900 of the app’s users were being exposed.

“I was shocked to find that email addresses for users were being shared across the Internet whenever a search is performed,” said the researcher, speaking on condition of anonymity, adding that anyone with basic programming skills was capable of accessing the information.

The researcher backed up the finding by giving the Intercept the list of Act.il’s user emails, and the publication subsequently informed the app’s developer, Rallyware.

The developer responded to the inquiry and has since fixed the security error, the researcher confirmed.

“Due to the open community nature of the Act.il app, certain user information was shared among community members,” Rallyware confirmed to the Intercept in an email. “As your initial question suggested an opportunity for abuse of that feature, we have since limited this functionality.”

The Act.il application was developed by Israel’s Ministry of Strategic Affairs in partnership with students of the Israeli university, the Interdisciplinary Center (IDC), and several pro-Israel non-profit groups including the Maccabee Task Force and the Israeli-American Council, a group that promotes ties between the US and Israel.

The Maccabee Task Force was founded in 2015 by billionaire casino tycoon and longtime right-wing backer Sheldon Adelson to combat anti-Israel and pro-BDS campaigns on college campuses across the US.

Adelson's foundation donates $200 million annually to Jewish and Israeli causes and is a known supporter of Netanyahu's government. The ultra-conservative enlisted David Brog, a board director with Christians United for Israel (CUFI), to head the task force. 

Strategic Affairs Minister Gilad Erdan said of the new online platform that the time had come for Israel to actively promote social media and to push back against efforts to delegitimize Israel.

“The State of Israel is under constant attack by delegitimizing working to demonize Israel online and undermine our legitimacy as the nation-state of the Jewish People,” said Erdan.

“For this reason I am initiating an international effort to unite Israel's supporters around the globe and provide them with a platform that strengthens their activities, with tools that will help all of us fight hatred together, and with resources to spread the truth. As part of the campaign, we will provide Israel's supporters with videos, graphics, articles and content.

“Along with civil society initiatives such as the Act.il application developed by Israeli-American Council (IAC) and IDC students, we believe that this will be a game-changer in defending Israel online and around the world.”

The app, offered in both Hebrew and English, encourages users to spread news stories and social media messages, often promoting Israeli Prime Minister Benjamin Netanyahu’s right-wing government positions, through an awards system using points and badges for completing such “missions.”

According to the Intercept, the researcher said the leakage could reflect negatively on the app’s promotion of the Jewish state. Of the user emails exposed, dozens belonged to those connected to the organizations that funded or developed the app.

Also, by gaining access to private email addresses, hackers can deliver malware or obtain passwords through spear-phishing.

