RSA Can’t Catch a Break: Conference App Allegedly Leaks Data Of Thousands Of Users
This afternoon, media at RSA are reporting that both the RSA Conference mobile app and WiFi are not secure.
Sean Michael Kerner at eWeek is reporting that “the conference might not necessarily be practicing what it preaches.” Kerner notes that, unlike some of the other major tech conferences that he attends, “RSA this year does not have an encrypted WPA WiFi access point for attendees or even for the press.” The ultimate lesson here, as Kerner states, “is a simple one. If you connect on an unencrypted or unsecured network, your data can be seen by anyone. It doesn’t matter if you’re at RSA or Starbucks; you’re not safe.”
In terms of the RSA app, “the official mobile application for the ongoing RSA Conference contains a half-dozen security vulnerabilities,” wrote ThreatPost’s Brian Donohue. According to a security firm, “the app is vulnerable to a man-in-the-middle attack that could enable an attacker to inject code and get a user’s credentials. There is also an information disclosure flaw in that the RSA mobile app has a SQLite database file that includes the information of registered attendees,” Kerner wrote. Further, as Donohue describes, “The application apparently downloads a SQLite database file that is then used to populate the app’s user interface with various conference information, like speaker profiles and schedules.” Seems basic, but that database contains the first and last names, employers, and titles of every user that has downloaded and registered with the application.
Tom Brewster at TechWeekEurope also posted an article on the topic. Brewster notes that the worrying holes in the RSA app are allegedly leaking data of the thousands of users running the software on their phones.
RSA Conference 2014 attendees, beware!
Photo Cred.: Google Play
Latest posts by Brenna Hagy (see all)
- RSA 2014: Social Media’s Spiky Reaction – February 28, 2014
- RSA Can’t Catch a Break: Conference App Allegedly Leaks Data Of Thousands Of Users – February 27, 2014
- MSLGROUP IT Security Pros at RSA Conference 2014 – February 27, 2014