Vulnerabilities in the RSA Conference application

On 31 January, a few weeks before the start of the world-renowned RSA Conference 2014, the application of the same name was released on Google Play. Experts quickly identified several security issues.

The RSA Conference 2014 app lets users keep track of activities, the event list and the schedule, and connect with colleagues through a social and professional networking tool.

Security researchers from IOActive decided to take a look at the application to see how safe it is. In a short time, they identified a total of six vulnerabilities.

The most serious of these can be exploited for man-in-the-middle attacks (MitM). An attacker could inject a phishing site to collect delegates' logins.

IOActive's Gunter Ollmann says: "If we were dealing with a banking app, then we would have no luck, but this particular app has only been downloaded a few thousand times, and I have serious doubts about whether a hacker would waste his time on an application that will only give him the credentials of a conference."

However, there is another security issue that is quite easy to exploit and could be much more profitable for attackers.

The application's information is compiled into a SQLite database that can be downloaded to the smartphone. This file contains the information of every user registered for RSA Conference 2014, with their name, company and title.

While there are no passwords or other sensitive data in this file, hackers could probably use this information in many ways.

It should be noted that the application was not developed by RSA. It was created by QuickMobile, a company that has developed similar applications for several major companies such as McDonalds, Adobe, Kaspersky, Red Hat, and many others.

However, even though RSA did not develop the application, it should have checked its security and integrity.

Written by giorgos
