NSA Planned to Plant Malware via Google & Samsung Phones

Uploaded on 2015-06-09 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

835fcaf3da5fc29465dcb812d508f91a.jpg

Malware in the Google Play Store and Samsung app store is nothing new, but when it comes from the US National Security Agency, then that’s a whole new threat level.

An NSA app-hijacking program, dubbed IRRITANT HORN, was set up by the US as part of a joint spying unit, according to new documents from controversial whistle-blower Edward Snowden and obtained by The Intercept and CBC News. It also involved the other Five Eyes - Canada, the UK, Australia and New Zealand.

Mobile phones became infected with malware and spyware by using web traffic around application servers, and document slides cite Google and Samsung servers in this process.

The plan was to intercept traffic before it reached to servers and infect certain users’ phones with malware and spyware, a type of “man-in-the-middle” attack. Once the malware is in the phone, it would relay sensitive information, such as contacts and nearly real-time location at all time. 

Last year, The Intercept also reported that the NSA had planned a mass infection of computers with malware, estimating millions in the crosshairs.

The documents are dated from 2011 to 2012 and it’s still unclear whether this plan was ever implemented or not. Regardless, the NSA has proven its disregard for user privacy many times, and it’s an equally startling reminder that our data may not be safe, even behind the mighty Google’s encryption. The fallout from this, and every new revelation that Snowden will reveal, is something to keep an eye on.
Techradar:  http://bit.ly/1IoZynp

« UK Secret Report Urges US Data Sharing
Anderson Report: Review Of UK Anti-Terror Data Laws. »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

Sequitur Labs

Sequitur Labs

Sequitur Labs is developing seminal technologies and solutions to secure and manage connected devices of today and in the future.

Ceerus

Ceerus

Ceerus was created to simplify the process of deploying and managing security across all the channels in an organisation.

Saudi Federation for Cyber Security and Programming (SAFCSP)

Saudi Federation for Cyber Security and Programming (SAFCSP)

SAFCSP is a national institution under the umbrella of the Saudi Arabian Olympic Committee, which seeks to build national and professional capabilities in the fields of cyber security and programming.

Kobil Systems

Kobil Systems

Kobil is a pioneer in the fields of smart card, one-time password, authentication and cryptography.

Coalition

Coalition

Coalition combines comprehensive insurance and proprietary security tools to help businesses manage and mitigate cyber risk.

Pareteum

Pareteum

Pareteum is a leading Global provider of mobile networking software and services. Our mission is to provide a single solution to the problem of fully enabling and securing the Mobile Cloud.

Dathena

Dathena

Dathena is a company developing data governance software based on machine learning algorithms.

PQShield

PQShield

PQShield are specialists in Post-Quantum Cryptography. We provide quantum-secure cryptographic solutions for software, software/hardware co-design and data in transit.

Vietnamese Security Network (VSEC)

Vietnamese Security Network (VSEC)

Vietnamese Security Network (VSEC) is an information security company providing website vulnerability scanning and monitoring services.

Pentest Limited

Pentest Limited

Pentest Limited provide information security consultation, penetration testing & red teaming services to companies across the globe.

KeyData Associates

KeyData Associates

KeyData is a recognized leader in cybersecurity services specializing in Identity and Access Management (IAM), Customer Identity & Access Management (CIAM) and Privileged Access Management (PAM).

Smoothstack

Smoothstack

Smoothstack is a technology talent incubator whose immersive training program kick starts IT careers and delivers a fresh source of IT talent.

Profian

Profian

Profian’s hardware-based solutions maintain your data's confidentiality and integrity in use, providing true confidential computing to meet regulatory and audit requirements.

InfoSec4TC

InfoSec4TC

InfoSec4tc is an online Information Security Courses, Training, and Consultancy provider.

Singularico

Singularico

Singularico help secure your software using the power of AI.