NSA Planned to Plant Malware via Google & Samsung Phones

Uploaded on 2015-06-09 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

835fcaf3da5fc29465dcb812d508f91a.jpg

Malware in the Google Play Store and Samsung app store is nothing new, but when it comes from the US National Security Agency, then that’s a whole new threat level.

An NSA app-hijacking program, dubbed IRRITANT HORN, was set up by the US as part of a joint spying unit, according to new documents from controversial whistle-blower Edward Snowden and obtained by The Intercept and CBC News. It also involved the other Five Eyes - Canada, the UK, Australia and New Zealand.

Mobile phones became infected with malware and spyware by using web traffic around application servers, and document slides cite Google and Samsung servers in this process.

The plan was to intercept traffic before it reached to servers and infect certain users’ phones with malware and spyware, a type of “man-in-the-middle” attack. Once the malware is in the phone, it would relay sensitive information, such as contacts and nearly real-time location at all time. 

Last year, The Intercept also reported that the NSA had planned a mass infection of computers with malware, estimating millions in the crosshairs.

The documents are dated from 2011 to 2012 and it’s still unclear whether this plan was ever implemented or not. Regardless, the NSA has proven its disregard for user privacy many times, and it’s an equally startling reminder that our data may not be safe, even behind the mighty Google’s encryption. The fallout from this, and every new revelation that Snowden will reveal, is something to keep an eye on.
Techradar:  http://bit.ly/1IoZynp

« UK Secret Report Urges US Data Sharing
Anderson Report: Review Of UK Anti-Terror Data Laws. »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

British Assessment Bureau

British Assessment Bureau

The British Assessment Bureau is an ISO certification body. We check conformity and compliance of companies to recognised ISO standards including ISO 27001.

Usenix

Usenix

Usenix brings together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of computing.

GreyCastle Security

GreyCastle Security

GreyCastle Security is a leading cybersecurity services provider dedicated exclusively to cybersecurity and the practical management of cybersecurity risks.

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC) is a government body providing support for ICT related activities including formulating national ICT strategy and policy.

Wizlynx PTE LTD

Wizlynx PTE LTD

Wizlynx PTE LTD is the Singapore branch of Wizlynx Group located in Singapore, offering Information and Cyber Security Services throughout the entire Asia Pacific (APAC) region.

Euro-Recycling

Euro-Recycling

Euro-Recycling is a leading UK provider of Secure On-Site Data Media Destruction Services.

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

SHIELD

SHIELD

SHIELD are the world’s leading cybersecurity company specializing in cyber fraud and identity solutions.

Let's Encrypt

Let's Encrypt

Let’s Encrypt is a free, automated, and open digital certificate authority, run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

Hyperion Gray

Hyperion Gray

Hyperion Gray are a small research and development team focused on innovative work in a variety of areas including Software & Security Research, Penetration Testing, Incident Response, and Red Teaming

Axellio

Axellio

Axellio provides economic, end-to-end cyber security solutions designed for your team, environment, and security objectives, providing packet level visibility across your network.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

Fireblocks

Fireblocks

Fireblocks is a digital asset security platform that helps financial institutions protect digital assets from theft or hackers.

Catalyst Campus For Technology & Innovation

Catalyst Campus For Technology & Innovation

Catalyst Campus is a collaborative ecosystem to create community, spark innovation and stimulate business growth.

PDI Technologies

PDI Technologies

PDI Technologies helps convenience retail and petroleum wholesale businesses around the globe increase efficiency and profitability by securely connecting their data and operations.

Fortress SRM

Fortress SRM

Fortress SRM protects companies from the financial, operational, and emotional trauma of cybercrime by improving the security performance of its people, processes, and technology.