You Are Here: Home » Content » RSA Can’t Catch a Break: Conference App Allegedly Leaks Data Of Thousands Of Users

RSA Can’t Catch a Break: Conference App Allegedly Leaks Data Of Thousands Of Users

This afternoon, media at RSA are reporting that both the RSA Conference mobile app and WiFi are not secure.

Sean Michael Kerner at eWeek is reporting that “the conference might not necessarily be practicing what it preaches.” Kerner notes that, unlike some of the other major tech conferences that he attends, “RSA this year does not have an encrypted WPA WiFi access point for attendees or even for the press.” The ultimate lesson here, as Kerner states, “is a simple one. If you connect on an unencrypted or unsecured network, your data can be seen by anyone. It doesn’t matter if you’re at RSA or Starbucks; you’re not safe.”

In terms of the RSA app, “the official mobile application for the ongoing RSA Conference contains a half-dozen security vulnerabilities,” wrote ThreatPost’s Brian DonohueAccording to a security firm, “the app is vulnerable to a man-in-the-middle attack that could enable an attacker to inject code and get a user’s credentials. There is also an information disclosure flaw in that the RSA mobile app has a SQLite database file that includes the information of registered attendees,” Kerner wrote. Further, as Donohue describes, “The application apparently downloads a SQLite database file that is then used to populate the app’s user interface with various conference information, like speaker profiles and schedules.” Seems basic, but that database contains the first and last names, employers, and titles of every user that has downloaded and registered with the application.

Tom Brewster at TechWeekEurope also posted an article on the topic. Brewster notes that the worrying holes in the RSA app are allegedly leaking data of the thousands of users running the software on their phones.

RSA Conference 2014 attendees, beware!

RSA Conference Mobile AppRSA Conference Mobile App

Photo Cred.: Google Play

The following two tabs change content below.

Brenna Hagy

Brenna Hagy

Senior Account Executive at MSLGROUP

Senior Account Executive at MSLGROUP in Boston, focused on promoting innovative B2B technologies.

Leave a Comment