TweakTown

Oh the irony, RSA Conference mobile app users exposed

Go figure... the official RSA Conference 2014 app was vulnerable to attacks by outsiders

Hacking & Security News | Posted: Feb 28, 2014 11:34 pm

Whether it was just bad luck or a cruel practical joke, the RSA Conference 2014 mobile app, designed to help attendees get through the show, had a security hole that potentially exposed user data.

 


 

IOActive found two major vulnerabilities in the app. The first reveals the name, surname, job title, employer, and nationality of the app's users. The second opens the door to man-in-the-middle attackers who can inject code into the app's login, so login credentials could be exposed.

 

"The RSA Conference 2014 application downloads a SQLite DB file that is used to populate the visual portions of the app (such as schedules and speaker information) but, for some bizarre reason, it also contains information of every registered user of the application - including their name, surname, title, employer, and nationality," said Gunter Ollmann, IOActive CTO, in a blog post.
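A release-time check for the problem Ollmann describes, as an added example that is not IOActive's or the app vendor's code: it inspects a SQLite content file and reports any table or column missing from an explicit publish allowlist. The table names, column names, allowlist, and PII hint list are all constructed for illustration.

```python
import re
import sqlite3

# Column-name hints for personal data (assumed list, tune per project).
PII_HINTS = re.compile(r"name|surname|title|employer|nationality|email|phone", re.I)

# Hypothetical allowlist: the only tables/columns the client app should receive.
ALLOWLIST = {
    "sessions": {"id", "starts_at", "room", "track"},
    "speakers": {"id", "display_name", "bio"},
}

def build_sample_db():
    """Constructed sample: a content DB that also carries a registrant table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sessions (id INTEGER PRIMARY KEY, starts_at TEXT, room TEXT, track TEXT);
        CREATE TABLE speakers (id INTEGER PRIMARY KEY, display_name TEXT, bio TEXT);
        CREATE TABLE registrants (id INTEGER PRIMARY KEY, name TEXT, surname TEXT,
                                  title TEXT, employer TEXT, nationality TEXT);
        INSERT INTO registrants VALUES (1, 'Alex', 'Example', 'Engineer', 'Example Corp', 'N/A');
    """)
    return db

def audit(db, allowlist):
    """Report every table holding columns that are not approved for publication."""
    findings = []
    tables = [r[0] for r in db.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        # PRAGMA table_info rows are (cid, name, type, notnull, dflt_value, pk).
        cols = [r[1] for r in db.execute(f'PRAGMA table_info("{table}")')]
        extra = [c for c in cols if c not in allowlist.get(table, set())]
        if not extra:
            continue
        rows = db.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
        findings.append({
            "table": table,
            "unexpected_columns": extra,
            "pii_like": [c for c in extra if PII_HINTS.search(c)],
            "rows": rows,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(build_sample_db(), ALLOWLIST):
        print("BLOCK RELEASE:", finding)
```

Run against the real file in the build pipeline by swapping `build_sample_db()` for `sqlite3.connect(path)`; a non-empty result should fail the release.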

 

It's believed that only a few thousand of the 25,000 registered RSA Conference attendees actually installed the app.

 

Don't worry, a certain TweakTown writer based in the San Francisco Bay Area decided to save meeting schedules and expo floor maps on his phone - and not use some type of third-party app to help out.

NEWS SOURCE
Blog.ioactive.com
