Keeping the Hacker Tracker Mobile App Secure: DefCon | eWeek

DefCon: How the Hacker Tracker Mobile App Stays Secure

DefCon: How the Hacker Tracker Mobile App Stays Secure
Aug 5, 2016
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

LAS VEGAS—The DefCon hacker conference here at the Bally’s and Paris Hotels is a massive affair with many rooms, events and workshops spread across multiple times and days. While there is a paper schedule, many hackers now rely on Hacker Tracker, which has become the de facto mobile app of the DefCon conference.

The Hacker Tracker was developed by two volunteers, Whitney Champion, systems engineer at SPARC, and Seth Law, chief security officer at nVisium. Champion built the Android version of the app while Law built the iOS version.

In a video interview at DefCon, Law provided details on how Hacker Tracker is built and the steps he and Champion have taken to keep it and hacker data secure.

Making a mobile app safe is not a trivial task, and in fact, DefCon’s sister conference, Black Hat, had to update its app this year after security firm Lookout identified multiple privacy risks.

Hacker Tracker gets the information for DefCon by way a JSON (Javascript Object Notation) API call.

“It takes quite a bit of effort to bring in all the different events and talks and make sure that they are up-to-date and proper,” Law said. “So we have worked with the DefCon information booth to make sure the information is proper; then we created a JSON service that we pull the data from.”

The JSON call is secured with HTTPS Certificate Pinning, a security mechanism that makes use of Secure Sockets Layer/Transport Layer Security {SSL/TLS) certificates that are “pinned” or specifically linked to a given certificate in an effort to limit the risk of a man-in-the-middle attack.

“We keep it very simple so we don’t have things like data leakage; the only call that is made is to the single API, but everything else happens on the device itself,” Law explained. “There is a small database that is there and encrypted for the user that is actually using the app.”

Watch the full video below.


Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.