NSA Planned to Plant Malware via Google & Samsung Phones

Uploaded on 2015-06-09 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

835fcaf3da5fc29465dcb812d508f91a.jpg

Malware in the Google Play Store and Samsung app store is nothing new, but when it comes from the US National Security Agency, then that’s a whole new threat level.

An NSA app-hijacking program, dubbed IRRITANT HORN, was set up by the US as part of a joint spying unit, according to new documents from controversial whistle-blower Edward Snowden and obtained by The Intercept and CBC News. It also involved the other Five Eyes - Canada, the UK, Australia and New Zealand.

Mobile phones became infected with malware and spyware by using web traffic around application servers, and document slides cite Google and Samsung servers in this process.

The plan was to intercept traffic before it reached to servers and infect certain users’ phones with malware and spyware, a type of “man-in-the-middle” attack. Once the malware is in the phone, it would relay sensitive information, such as contacts and nearly real-time location at all time. 

Last year, The Intercept also reported that the NSA had planned a mass infection of computers with malware, estimating millions in the crosshairs.

The documents are dated from 2011 to 2012 and it’s still unclear whether this plan was ever implemented or not. Regardless, the NSA has proven its disregard for user privacy many times, and it’s an equally startling reminder that our data may not be safe, even behind the mighty Google’s encryption. The fallout from this, and every new revelation that Snowden will reveal, is something to keep an eye on.
Techradar:  http://bit.ly/1IoZynp

« UK Secret Report Urges US Data Sharing
Anderson Report: Review Of UK Anti-Terror Data Laws. »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Feitian Technologies

Feitian Technologies

Feitian Technologies provides authentication and transaction security products for financial institutions, telecoms, government and leading business enterprises.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

Guardian360

Guardian360

The Guardian360 platform offers unrivalled insight into the security of your applications and IT infrastructure.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

Fujitsu

Fujitsu

Fujitsu is the leading Japanese global information and communication technology company, offering a full range of products, solutions and services including Managed IT Services and Cyber Security.

SGBox

SGBox

SGBox is a highly flexible and scalable solution for IT security. Choose the modules which your company needs and implement it without any modification to your network infrastructure.

InnoValor

InnoValor

InnoValor realises value from digital innovation for organisations and government. We provide advisory services and develop innovative software solutions, based on our background in research.

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

Practical Assurance

Practical Assurance

Practical Assurance helps companies navigate the rough terrain of information security compliance.

T-REX

T-REX

T-REX is a coworking space, technology incubator, and entrepreneur resource center for technology startups.

Senserva

Senserva

Senserva delivers a deep analysis for security user accounts and applications within the Microsoft cloud environment.

HunCERT

HunCERT

HunCERT's mission is to assist Hungarian Internet Service Providers in applying appropriate procedures to address the risks of computer network incidents and to respond to such incidents.

Grove Group

Grove Group

Grove provides businesses with the tools that work best for their unique operations, through cybersecurity and cloud services, custom software development and our big data analytics expertise.

RevealSecurity

RevealSecurity

RevealSecurity's TrackerIQ detects malicious activities in enterprise applications.

Quantum Security Services

Quantum Security Services

Quantum Security Services is a specialist information security firm providing a range of risk, compliance and technical security services.