The Black Hat cybersecurity conference app has a cybersecurity problem

Back in 2016 when the day was still zero. Image: Guo Shuang / getty
By Jack Morse, 2019-08-08 22:11:33 UTC

Look, we get it: cybersecurity is hard. 


Still, you'd think the folks at the Black Hat cybersecurity conference in Las Vegas this week would have a better handle on things. And yet, according to noted French security researcher Baptiste Robert, they still managed to release a conference app that could put attendees' phones at risk. 


The conference, which is now in its 22nd year, runs Aug. 3-8, and is ground zero for cybersecurity companies peddling their wares. It's followed by the DEF CON hacking conference, also in Las Vegas, which has a decidedly non-corporate ethos. 


"The official Android app of #BHUSA is a joke," wrote Robert, who is in town for both Black Hat and DEF CON. "For an event of this size this is not serious @BlackHatEvents."


Robert, who goes by the handle Elliot Alderson on Twitter, laid bare what he says are the Android app's flaws in no uncertain terms. 


"Thanks to the #BlackHat app, an attacker can: - Open a random url in the app browser - Pre dial a number - Create an email - Open Chrome to download a file." 


An accompanying video shows the purported vulnerabilities in action. 

Now, importantly, Robert added that the Black Hat app alone is not enough for a theoretical attacker to ruin someone's day. Rather, it would ..
