The 98% vulnerability of Android phones could possibly be added to the list of the NSA’s programs for surveillance. Government employees, as well as hackers, could use the flaws to get into Droids—in the interest of national security.
Amnesty International offers new revelations about the extent of surveillance by the National Security Agency (NSA). These revelations, combined with evidence about the vulnerability of Android phones, allow for the possibility that hackers may not be the only ones reviewing if not controlling Droid accounts.
Edward Snowden, 29, an employee of government contractor Booz Allen Hamilton, disclosed that the NSA was tracking phones and Internet messages around the world. Snowden’s actions in bringing to light NSA activities came to the attention of the U.S. during the trial of Army Private First Class Bradley Manning for espionage and computer fraud in connection with the release of classified documents to WikiLeaks about the wars in Iraq and Afghanistan.
One NSA program gathers hundreds of millions of U.S. phone records to find links to known terrorist targets abroad. The other allows the government to tap into U.S. Internet companies, ostensibly to gather all communications and detect suspicious behavior starting overseas.
While the Justice Department is focusing on whether Snowden’s disclosures constituted crimes, a senior U.S. intelligence official told Time Magazine that there were no plans to scrap the programs, despite public outrage and tepid opposition by Congress.
The American Civil Liberties Union wants to see opinions by the U.S. court overseeing surveillance programs that justify the massive phone records database of the NSA. The Obama administration wants the court to reject the request. (Reuters)
Meanwhile the Washington Post has reported that security researchers believe they have found major security flaws in Google’s Android mobile system that may affect 99 percent of Android phones users.
The flaws relate to Google’s use of its security verification process on Google Play applications for Android 1.6. The 900 million Android devices may be open to hackers who could turn legitimate application into Trojan malware, without alerting the attention of Google’s app store or the person using an application.
Malware is a shortened form of “malicious” code or software, specifically designed to damage or disrupt hosts or networks, or to take other illegitimate actions, such as the theft of data. Trojan malware looks legitimate, deceiving users into loading and executing it on their systems. After it is activated, it can also delete files, spread other malware such as viruses, and create back doors to allow other malware users access to the system. (Cisco)
The result is that anyone breaking into an app would gain access to the phone’s data and even take over functioning of the phone. Jeff Forristal the CTO of Bluebox Security, Inc., says that a hacker gaining access to an Android phone could unlock emails, text messages, account information and stored passwords. Bluebox is a cybersecurity startup based in San Francisco. (ABC News)
Given that Androids are open to hacking, it is a logical step for the NSA to utilize the flaws in the system to conduct surveillance activities and gather more data on cell phone calls for tracking terrorists.
Google’s unguarded operating system (OS) allows anyone to find out how it works. Android OS is used for 75 percent of the world’s smartphones. At the same time, 79 percent of all mobile malware activities in 2012 were run on Android phones. Because smartphones are connected to other servers, the damaging effects of security breaches on Androids are magnified. Bluebox says that it notified Google about this potential problem last February. (Macleans)
Techblog Gigaom reports that Google has made security updates to its Play Store, so users downloading apps should be relatively secure.
TechCrunch indicates that there is already a patch for correcting the problem on the Samsung Galaxy S4, but the fix has not yet been released. Until Google makes appropriate repairs, users have been advised to take precautions such as verifying the publisher of any app they want to download.
At the same time, why wouldn’t the NSA use the flaws in Android Phones to do its surveillance work?
By: Tom Ukinski