Security Holes In App Stores: Latest In NSA Spying Saga
New reports on the leaked NSA documents claim the agency exploited security flaws in mobile app stores instead of publicizing the vulnerabilities.
Yet another NSA program detailed in documents leaked by Edward Snowden is making headlines today. The NSA, along with spy agencies from several other countries, reportedly developed a plan to exploit weaknesses in several app stores to collect data on suspected terrorists.
New documents published by CBC and The Intercept Wednesday detail a program dubbed "Irritant Horn," a combined effort from the U.S., Canada, U.K., New Zealand and Australia. The program targeted vulnerabilities in UC Browser, an incredibly popular app in China and India run by e-commerce giant Alibaba. It also sought ways to access information through Google and Samsung's servers.
It doesn't appear the companies were informed of the weaknesses, which left open the possibility for hackers and criminals to exploit the same vulnerabilities, as well as other government agencies.
It appears the program began after vulnerabilities in UC Browser were discovered in 2011. The documents detail what's called a "man-in-the-middle" attack to collect data and even plant spyware on some smartphones. It's a method sometimes used by hackers to commit fraud.
The NSA has been accused of letting security vulnerabilities go unchecked in the past.
Bloomberg published a report last year that accused the agency of knowing about the infamous "Heartbleed" security vulnerability for two years and exploiting it.
For its part, the government denied that report, and the director of National Intelligence later released a statement saying, when a weakness is discovered, "it is in the national interest to responsibly disclose the vulnerability." But it did include the caveat "unless there is a clear national security or law enforcement need."
A source from Alibaba told CBC the company was never contacted by any of the agencies involved about UC Browser's vulnerability and said it wasn't aware any user data had been leaked.
This video includes images from Getty Images.
San Francisco Will Allow Police To Deploy Robots That Kill
San Francisco police would only use killer robots "in extreme circumstances to save or prevent further loss of innocent lives," a spokesperson said.By Eric Risberg / AP
Pepsi Contest Calls For Mixing Soda And Milk For 'Pilk And Cookies'
Pepsi's new sweepstakes builds on a TikTok trend by asking fans to mix up a soda and milk, or 'pilk,' for a pilk and cookies holiday photo.By Pepsi
Fmr. CIA Official Calls For Restrictions On Officers Working At TikTok
The CIA's former acting general counsel told Newsy Congress should put post-employment restrictions in place.By Michael Dwyer / AP
How To Become A Millionaire By The Time You Retire
How can you become a millionaire? Personal finance experts say to start your retirement saving early and sock away a certain amount every year.By AP
Browns Quarterback Deshaun Watson Returns From Suspension
Watson returned from an 11-game suspension after being accused by more than two dozen women of sexual harassment and assault during massage sessions.By Eric Christian Smith / AP
Rover Releases Most Popular Dog Names Of 2022
If you have a Max or a Luna, you're far from alone.By Niranjan Shrestha / AP