RSA is affected by a security vulnerability in the backend systems that power the smartphone app for its annual security conference, held this week in San Francisco, USA.
Researchers discovered and reported a privacy issue in an API that anyone with an RSA Conference account could use to fetch the names of all other event attendees. The researchers extracted more than 100 names from the database through this flawed interface, demonstrating that the app is not properly secured.
This kind of malicious cyber attack can also be repelled by installing a cybersecurity solution such as an antivirus for Windows or an antivirus for Mac, depending on which OS the device is running. Besides this, a company must hire a cybersecurity firm that will deliberately launch various attacks on the company’s network to reveal its flaws.
The harvested data consisted only of attendee names. No other private information has been exposed. RSA declared it has since remedied the issue, and that 114 names were fetched in total via the insecure API.
Researchers didn’t try to access the full attendee database, and nobody else has exploited the vulnerability, so the damage is minimal in this case.
This embarrassing mishap is not the first for RSA. Back in 2014, cybersecurity researchers analyzed the RSA Conference app and found that it was so poorly written that it would allow credentials to be stolen via a man-in-the-middle attack.
The timing was particularly awkward, as that year’s conference was being partially boycotted after allegations surfaced that the US government had orchestrated a backdoor in one of RSA’s cryptographic toolkits. At that time, RSA declared that it didn’t take the NSA’s money to backdoor its products.
To reduce and eventually eliminate the risk of this kind of cybersecurity problem, practice good cybersecurity habits, update your apps and OSs to the latest versions available, and install a robust cybersecurity solution on your devices, such as an antivirus for Windows or an antivirus for Mac, depending on which OS your machines are running. We also recommend that every company hire a specialized cybersecurity firm to perform tests such as a penetration test and various ethical hacking tests on the company’s network to reveal whether any network flaws are present.