NSA Planned to Plant Malware via Google & Samsung Phones

Uploaded on 2015-06-09 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

835fcaf3da5fc29465dcb812d508f91a.jpg

Malware in the Google Play Store and Samsung app store is nothing new, but when it comes from the US National Security Agency, then that’s a whole new threat level.

An NSA app-hijacking program, dubbed IRRITANT HORN, was set up by the US as part of a joint spying unit, according to new documents from controversial whistle-blower Edward Snowden and obtained by The Intercept and CBC News. It also involved the other Five Eyes - Canada, the UK, Australia and New Zealand.

Mobile phones became infected with malware and spyware by using web traffic around application servers, and document slides cite Google and Samsung servers in this process.

The plan was to intercept traffic before it reached to servers and infect certain users’ phones with malware and spyware, a type of “man-in-the-middle” attack. Once the malware is in the phone, it would relay sensitive information, such as contacts and nearly real-time location at all time. 

Last year, The Intercept also reported that the NSA had planned a mass infection of computers with malware, estimating millions in the crosshairs.

The documents are dated from 2011 to 2012 and it’s still unclear whether this plan was ever implemented or not. Regardless, the NSA has proven its disregard for user privacy many times, and it’s an equally startling reminder that our data may not be safe, even behind the mighty Google’s encryption. The fallout from this, and every new revelation that Snowden will reveal, is something to keep an eye on.
Techradar:  http://bit.ly/1IoZynp

« UK Secret Report Urges US Data Sharing
Anderson Report: Review Of UK Anti-Terror Data Laws. »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Digital Forensics Inc (DFI)

Digital Forensics Inc (DFI)

Digital Forensics Inc. is a nationally recognized High Technology Forensic Investigations and Information System Security firm

Panda Security

Panda Security

Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions.

Cryptomathic

Cryptomathic

Cryptomathic is an expert on commercial crypto - we develop, deliver and support the most secure and efficient off-the-shelf and customised solutions.

Payload Security

Payload Security

Payload Security's VxStream Sandbox is a fully automated malware analysis system.

Swedish Civil Contingencies Agency (MSB)

Swedish Civil Contingencies Agency (MSB)

MSB's Information Assurance Department is responsible for supporting and coordinating work relating to Sweden's national societal information security.

LinOTP

LinOTP

LinOTP is an enterprise level, innovative, flexible and versatile OTP-platform for strong authentication.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

Delfigo Security

Delfigo Security

Delfigo Security, a pioneer in intelligent authentication, provides a strong, multi-factor authentication solution to prevent identity theft and reduce fraud.

ScienceSoft

ScienceSoft

ScienceSoft is a provider of software development and IT consulting services including Information Security.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

Hub71

Hub71

Hub71 is a world-class tech ecosystem opening doors to global opportunities from an optimal business environment for entrepreneurial-minded innovators.

Xmirror Security

Xmirror Security

Xmirror Security focuses on integrated detection and defense of the continuous threat to the DevSecops software supply-chain with artificial intelligence technology as the core.

PureSquare

PureSquare

PureSquare exist to empower people with simple solutions for their increasingly complex digital security & online privacy needs.

Cyber and Fraud Centre – Scotland

Cyber and Fraud Centre – Scotland

The Cyber and Fraud Centre – Scotland exists to ensure Scottish organisations are as resilient as they can be against cyber and fraud crime.

Cybit

Cybit

Cybit is the one-stop-shop for digital transformation that scales in line with your growth.

HeroDevs

HeroDevs

HeroDevs is the trusted leader in providing secure, long-term support for deprecated open-source software.