Technology
The Black Hat cybersecurity conference app has a cybersecurity problem
Look, we get it: cybersecurity is hard.
Still, you’d think the folks at the Black Hat cybersecurity conference in Las Vegas this week would have a better handle on things. And yet, according to noted French security researcher Baptiste Robert, they still managed to release a conference app that could put attendees’ phones at risk.
The conference, which is now in its 22nd year, runs Aug. 3-8, and is ground zero for cybersecurity companies peddling their wares. It’s followed by the DEF CON hacking conference, also in Las Vegas, which has a decidedly non-corporate ethos.
“The official Android app of #BHUSA is a joke,” wrote Robert, who is in town for both Black Hat and DEF CON. “For an event of this size this is not serious @BlackHatEvents.”
Robert, who goes by the handle Elliot Alderson on Twitter, laid bare what he says are the Android app’s flaws in no uncertain terms.
“Thanks to the #BlackHat app, an attacker can: – Open a random url in the app browser – Pre dial a number – Create an email – Open Chrome to download a file.”
An accompanying video shows the purported vulnerabilities in action.
Now, importantly, Robert added that the Black Hat app alone is not enough for a theoretical attacker to ruin someone’s day. Rather, it would be a part of a one-two punch involving tricking a victim into downloading another app of the attacker’s making.
Yep, first you need to infect the victim’s device by installing an app and then you can « exploit » this issue
— Elliot Alderson (@fs0c131y) August 8, 2019
And, before everyone at Black Hat abandons their phones in the desert, Robert assured those concerned that it’s “not a high priority.”
Even so, he wrote, “it’s still a shame to have something like this in the app of the biggest security conference of the world.”
But yeah this issue, whatever you want to call it, is not a high priority issue. I didn’t say the opposite. This has been said it’s still a shame to have something like this in the app of the biggest security conference of the world
— Elliot Alderson (@fs0c131y) August 8, 2019
And perhaps that’s the real takeaway: Even the pros can make mistakes.
We contacted Robert to ask just how easy this type of attack would be to pull off in the wild, and will update if we hear back.
That an app associated with a security conference has its own security issues isn’t exactly reassuring. It also isn’t the first time it’s happened. In 2018, the RSA security conference app exposed attendees’ personal data, forcing organizers to scramble to resolve the issue.
We reached out to Black Hat in an attempt to determine just what, if anything, it plans to do to resolve the issues highlighted by Robert. While we have not heard back as of press time, we assume the organizers of “the world’s leading information security event” are totally on top of things.
Why women behaving badly are dominating our screens
The greatest early Black Friday deals from Amazon, Greatest Buy, Walmart, and Target that you can shop now
‘Spellbound’ review: Netflix’s animated adventure finds its magic right at the end
2024 Black Friday ads: Greatest deals from Target, Greatest Buy, Walmart, Kohls, and more
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
A24 is selling chocolate now. But what would their films actually taste like?
New teen video-viewing guidelines: What you should know
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
How to watch ‘Smile 2’ at home: When is it streaming?
Black Friday 2024: The greatest early deals in Australia – live now
‘Here’ review: Robert Zemeckis, Tom Hanks, and Robin Wright reunite
Menendez brothers case reignites online: The questions that keep resurfacing
How to watch the 2024-2025 NBA season without cable: The greatest streaming deals
Election 2024: The truth about voting machine security
Halloween 2024: Weekend debates, obscure memes, and a legacy of racism
‘Only Murders in the Building’ Season 4 ending explained: Who killed Sazz and why?
‘Dragon Age: The Veilguard’ review: BioWare made a good game again
‘Wallace and Gromit: Vengeance Most Fowl’ review: A delightful romp with an anti-AI streak
Teen AI companion: How to keep your child safe
When will we have 2024 election results online?
Why women behaving badly are dominating our screens
The greatest early Black Friday deals from Amazon, Greatest Buy, Walmart, and Target that you can shop now
‘Spellbound’ review: Netflix’s animated adventure finds its magic right at the end
2024 Black Friday ads: Greatest deals from Target, Greatest Buy, Walmart, Kohls, and more
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
A24 is selling chocolate now. But what would their films actually taste like?
New teen video-viewing guidelines: What you should know
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
How to watch ‘Smile 2’ at home: When is it streaming?
Black Friday 2024: The greatest early deals in Australia – live now
-
Entertainment6 days ago‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment5 days agoBlack Friday 2024: The greatest early deals in Australia – live now
-
Entertainment4 days agoHow to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment4 days ago‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment3 days agoA24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment3 days agoNew teen video-viewing guidelines: What you should know
-
Entertainment2 days agoGreatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
-
Entertainment2 days ago2024 Black Friday ads: Greatest deals from Target, Greatest Buy, Walmart, Kohls, and more
