We were front and center for the talk from Riley Hassell at Blackhat in Las Vegas…however, he was nowhere to be seen. Reuters is reporting,
he (Hassell) and colleague Shane Macaulay decided not to lay out their research at the gathering for fear criminals would use it attack Android phones
While that is understandable he gives even more detail as to why he chose not to disclose his findings
He said in an interview he identified more than a dozen widely used Android applications that make the phones vulnerable to attack.
App developers frequently fail to follow security guidelines and write applications properly
Yet he refused to mention the name of the applications or if they even connected those applications developers to let them know about it. But to keep it to them selves. However when Google commented on this they say a vastly different message, as said by Jay Nancarrow
The identified bugs are not present in Android.
The duo of Riley Hassell and Shane Macaulay were due to talk during the Hacking Android for Profit session but they chose to skip the talk (if not the Convention) with ZERO notice to the organizers or the hopeful attendees. It would be commendable if the reason was out of fear of criminals using newly identified vulnerabilities; if true exploits had been found, in theory the exploit themselves could be explained without revealing the “How To” aspect. Instead the audience, conference, and Android users are left scratching their heads.
For those who don’t know Blackhat is a yearly conference in which security experts from around the world talk about anything from mobile to botnets when it comes to what hackers can and do.
We had multiple people going into the conference room even asking if someone personally knows the two as to call them as they never stated their intention to miss the conference. We are going to file this under the BS folder. Until there is PROOF of these insecurities we cannot believe your “findings”. Sorry, but if you are scheduled to talk and just don’t show and then days later offer a nonsensical excuse you have destroyed your credibility. (Editor’s note – personally this sounds like the 15 minutes of fame – based on a need to see your name in lights).