The Black Hat cybersecurity conference app has a cybersecurity problem


Back in 2016, when the day was still zero.

Image: Guo Shuang / Getty

By Jack Morse

Look, we get it: cybersecurity is hard.

Still, you'd think the folks at the Black Hat cybersecurity conference in Las Vegas this week would have a better handle on things. And yet, according to noted French security researcher Baptiste Robert, they still managed to release a conference app that could put attendees' phones at risk.

The conference, which is now in its 22nd year, runs Aug. 3-8, and is ground zero for cybersecurity companies peddling their wares. It is followed by the DEF CON hacking conference, also in Las Vegas, which has a decidedly non-corporate ethos.

“The official Android app of #BHUSA is a joke,” wrote Robert, who is in town for both Black Hat and DEF CON. “For an event of this size this is not serious @BlackHatEvents.”

Robert, who goes by the handle Elliot Alderson on Twitter, laid bare what he says are the Android app's flaws in no uncertain terms.

“Thanks to the #BlackHat app, an attacker can: – Open a random url in the app browser – Pre dial a number – Create an email – Open Chrome to download a file.”

An accompanying video shows the purported vulnerabilities in action.

Now, importantly, Robert added that the Black Hat app alone is not enough for a theoretical attacker to ruin someone's day. Rather, it would be part of a one-two punch involving tricking a victim into downloading another app of the attacker's making.
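The flaw class Robert describes, a co-installed app handing the conference app a link that it then opens, dials, or downloads without question, is the classic Android "exported component accepts untrusted input" problem. The snippet below is an added illustration of how a defender would harden such an in-app browser; it is not the Black Hat app's code, and the activity name, the allowlisted hosts and the log tag are assumptions made for the example.

```java
import android.app.Activity;
import android.net.Uri;
import android.os.Bundle;
import android.util.Log;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical in-app browser activity for a conference app (example code, not the
// Black Hat app's own). Any other app on the device can start an exported activity
// with an arbitrary Intent, so everything taken from getIntent() is untrusted input.
public class SessionLinkActivity extends Activity {

    // Assumed allowlist: only the conference's own web origin may be loaded.
    private static final Set<String> ALLOWED_HOSTS =
            new HashSet<>(Arrays.asList("www.blackhat.com", "blackhat.com"));

    private static final String TAG = "SessionLink";

    /** Accept only https URLs on allowlisted hosts; reject everything else. */
    static boolean isAllowedUrl(Uri uri) {
        if (uri == null) return false;
        // Rejects tel:, mailto:, intent:, file:, javascript: and plain http: in one check,
        // which closes the "pre-dial a number" and "create an email" paths outright.
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false;
        String host = uri.getHost();
        if (host == null || host.isEmpty()) return false;
        // Blocks https://blackhat.com@attacker.example/ style confusion.
        if (uri.getUserInfo() != null) return false;
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Uri target = getIntent().getData();
        if (!isAllowedUrl(target)) {
            // Log and bail out instead of loading whatever another app handed us.
            Log.w(TAG, "rejected link: " + target);
            finish();
            return;
        }

        WebView view = new WebView(this);
        // Static session pages do not need script; leaving it off shrinks the attack surface.
        view.getSettings().setJavaScriptEnabled(false);
        view.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView v, String url) {
                // In-page navigations are held to the same allowlist, so a loaded page
                // cannot redirect the WebView to a dialer, mail or download link either.
                boolean allowed = isAllowedUrl(Uri.parse(url));
                if (!allowed) Log.w(TAG, "blocked navigation: " + url);
                return !allowed; // true = we handled (blocked) it, do not load
            }
        });
        setContentView(view);
        view.loadUrl(target.toString());
    }
}
```

Two design points: first, the activity should also be declared with `android:exported="false"` in the manifest unless it genuinely must receive deep links from outside the app, because the allowlist only matters once the component is reachable; second, the scheme check comes before the host check on purpose, since a `tel:` or `mailto:` URI has no meaningful host and a host-only allowlist would not stop it.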

Yep, first you have to infect the victim's device by installing an app and then you can « exploit » this issue

— Elliot Alderson (@fs0c131y) August 8, 2019

And, before everyone at Black Hat abandons their phones in the desert, Robert assured those concerned that it is “not a high priority.”

Even so, he wrote, “it's still a shame to have something like this in the app of the biggest security conference of the world.”

But yeah this issue, whatever you want to call it, is not a high priority issue. I didn't say the opposite. That being said it's still a shame to have something like this in the app of the biggest security conference of the world

— Elliot Alderson (@fs0c131y) August 8, 2019

And perhaps that is the real takeaway: even the pros can make mistakes.

We contacted Robert to ask just how easy such an attack would be to pull off in the wild, and will update if we hear back.

That an app associated with a security conference has its own security issues isn't exactly reassuring. It also isn't the first time it has happened. In 2018, the RSA security conference app exposed attendees' personal data, forcing organizers to scramble to fix the issue.

We reached out to Black Hat in an attempt to determine just what, if anything, it plans to do to fix the issues highlighted by Robert. While we have not heard back as of press time, we assume the organizers of “the world's leading information security event” are totally on top of it.
