LAS VEGAS—The DefCon hacker conference here at the Bally’s and Paris Hotels is a massive affair with many rooms, events and workshops spread across multiple times and days. While there is a paper schedule, many hackers now rely on Hacker Tracker, which has become the de facto mobile app of the DefCon conference.
The Hacker Tracker was developed by two volunteers, Whitney Champion, systems engineer at SPARC, and Seth Law, chief security officer at nVisium. Champion built the Android version of the app while Law built the iOS version.
In a video interview at DefCon, Law provided details on how Hacker Tracker is built and the steps he and Champion have taken to keep it and hacker data secure.
Making a mobile app safe is not a trivial task, and in fact, DefCon’s sister conference, Black Hat, had to update its app this year after security firm Lookout identified multiple privacy risks.
Hacker Tracker gets the information for DefCon by way a JSON (Javascript Object Notation) API call.
“It takes quite a bit of effort to bring in all the different events and talks and make sure that they are up-to-date and proper,” Law said. “So we have worked with the DefCon information booth to make sure the information is proper; then we created a JSON service that we pull the data from.”
The JSON call is secured with HTTPS Certificate Pinning, a security mechanism that makes use of Secure Sockets Layer/Transport Layer Security {SSL/TLS) certificates that are “pinned” or specifically linked to a given certificate in an effort to limit the risk of a man-in-the-middle attack.
“We keep it very simple so we don’t have things like data leakage; the only call that is made is to the single API, but everything else happens on the device itself,” Law explained. “There is a small database that is there and encrypted for the user that is actually using the app.”
Watch the full video below.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.