lundi 6 juillet 2015

Report: NSA found a way to “hijack” Google Play to install spyware on phones



NSA


Well, if you had any doubt that the NSA and national security agencies everywhere didn’t have the capability to treat themselves to your information, perhaps Edward Snowden’s latest leak will change your mind. The rogue ex-intelligence agent leaked another document to the press today detailing a program by the 5-Eyes Alliance (the US, UK, Australia, New Zealand and Canada) called “Irritant Horn.”


The idea — which was discussed at conferences and workshops in Australia and Canada between November 2011 and February 2012 — is that they could intercept the connection that happens between a smartphone and an app store when a user downloads an app, during which time they could drop a “payload,” of sorts, that would likely sneakily install some sort of spyware.


It was more than just an idea, too — the document suggests the agency did find a way to consistently and reliably intercept that connection for both Google Play and the Samsung Apps Store.. Whether they were successful in executing the other half of the strategy (dropping the “payload” and getting it installed without the user’s knowledge) remains to be known, as it’s not clear if any progress has been made on this project since these documents were drafted.


More than just receiving information, the alliance also explored the possibility of altering the information being sent to a device, potentially using misinformation to manipulate criminals, terrorists or anyone else they’d have a reason to spy on.


For what it’s worth, it’s long been revealed that the NSA and other intelligence agencies have developed software that could pull basically any bit of data they want from a phone, but this couldn’t happen unless they could guarantee a way to get the goods onto the phones in question. “Irritant Horn” may just be the last piece they need to complete the puzzle and help themselves to information whether a user likes it (or knows about it) or not.


The report also makes mention of a browser by Chinese search giant Alibaba called UCBrowser. Their studies found that the browser had a security hole that allowed those with the technical know-how to pull an alarming amount of device information from its users.


The 5-Eyes alliance reportedly used the exploit to find out about the possibility of covert operations being carried out by foreign military. It ultimately turns out to be an unrelated tidbit, though the leak and the ease of gaining access to the information supposedly sent good vibes around the offices of the intelligence agencies working on this project.


The Intercept and the CBC have a lot more information to dive into if you’re curious, so be sure to check them out when you can spare a minute. Let us know how you feel about all this straight ahead.





Aucun commentaire:

Enregistrer un commentaire