Gallup blocks security flaw which could have led to fake polling data


Researchers at Checkmarx recently identified critical cross-site scripting (XSS) vulnerabilities on the website of polling firm Gallup which they say could have been used by malicious actors to gain access to the survey company’s platform.

The research notes XSS is a vulnerability that might enable attackers to gain ‘full control over an application’s functionality and data’, especially if the user impersonated has been granted special access.

By allowing the execution of arbitrary code, the vulnerability could even have given threat actors the ability to add unauthorized items to users’ shopping carts (as the site also sells customizable surveys and books).

Misinformation risk

The vulnerabilities were discovered in June 2024 and have since been resolved, but at a time when reliable and safe information is so vital, especially relating to political opinion, the consequences of the flaw could have been dire. The Checkmarx team confirmed that a malicious actor could have spoofed ‘fake news’ content that appeared to have originated from the site.

“In an era where misinformation and identity theft pose significant threats, the security of survey platforms is crucial, particularly during pivotal global election cycles,” the report notes. “It's important to note that this endpoint is commonly used to access Gallup surveys, which may make users more susceptible to exploitation.”

The 2024 election cycle has seen particularly high rates of misinformation and election interference attempts, so it’s important for firms with influence or prominence to ensure security on their sites to keep information safe.

Web defacement is a relatively common tactic hackers use to spread their message or embarrass site owners, but in this case the injected information could easily have been disguised as legitimate, with the intention of swaying voters. In a remarkably close election race, swing state votes in particular are impactful, so any potential vulnerabilities should be closely monitored.

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
