Time: 2024-09-23 15:19:30 Source: compiled from the web Editor: Industry News
Look, we get it: cybersecurity is hard.
Still, you'd think the folks at the Black Hat cybersecurity conference in Las Vegas this week would have a better handle on things. And yet, according to noted French security researcher Baptiste Robert, they still managed to release a conference app that could put attendees' phones at risk.
The conference, which is now in its 22nd year, runs Aug. 3-8, and is ground zero for cybersecurity companies peddling their wares. It's followed by the DEF CON hacking conference, also in Las Vegas, which has a decidedly non-corporate ethos.
"The official Android app of #BHUSA is a joke," wrote Robert, who is in town for both Black Hat and DEF CON. "For an event of this size this is not serious @BlackHatEvents."
Robert, who goes by the handle Elliot Alderson on Twitter, laid bare what he says are the Android app's flaws in no uncertain terms.
"Thanks to the #BlackHat app, an attacker can: - Open a random url in the app browser - Pre dial a number - Create an email - Open Chrome to download a file."
An accompanying video shows the purported vulnerabilities in action.
Now, importantly, Robert added that the Black Hat app alone is not enough for a theoretical attacker to ruin someone's day. Rather, it would be a part of a one-two punch involving tricking a victim into downloading another app of the attacker's making.
And, before everyone at Black Hat abandons their phones in the desert, Robert assured those concerned that it's "not a high priority."
Even so, he wrote, "it's still a shame to have something like this in the app of the biggest security conference of the world."
And perhaps that's the real takeaway: Even the pros can make mistakes.
We contacted Robert to ask just how easy this type of attack would be to pull off in the wild, and will update if we hear back.
That an app associated with a security conference has its own security issues isn't exactly reassuring. It also isn't the first time it's happened. In 2018, the RSA security conference app exposed attendees' personal data, forcing organizers to scramble to resolve the issue.
We reached out to Black Hat in an attempt to determine just what, if anything, it plans to do to resolve the issues highlighted by Robert. While we have not heard back as of press time, we assume the organizers of "the world's leading information security event" are totally on top of things.