Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Governments Use 'Legal' Mobile Malware To Spy On Citizens
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
6/29/2014 | 9:10:30 PM
Unconstiutional
Wasn't there a recent judgment made passing this as unconstitutional? I think it might have been within the last week. If anyone knows off hand please elaborate. I will try to find more data.
theb0x
50%
50%
theb0x,
User Rank: Ninja
6/28/2014 | 12:00:10 PM
Re: Spy vs Spy
Since it is well established, atleast according to Snowden..if that is his real name. The NSA can undetectably intercept devices in transit and implant them with malware before the shipment reaches it's destination.

With that being said, who in their right mind uses stock firmware on their mobile device? I use my own highly customized firmware built and hardened from scratch. SMS functionality is completely stripped. GPS functionality can actually be disabled along with camera and mic. All data/VOIP communications are established via VPN and pass through an IPS. The hardware MAC address is spoofed at a random interval and all data on the device is fullly encrypted and will self destruct via 35 pass Gutmann Algorithm after 5 failed attempts to bypass the screen lock.

Do I have anything to hide? No. But I do believe very strongly in personal privacy and having complete control of my device.
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
6/25/2014 | 1:52:21 AM
Spy vs Spy
I'm one of the little guys.  Am I high tech?  Yes.  Do I work up in the 5-10% head space when it comes to using tech beyond the pale?  Yes.  But I still see myself as one of the little guys when it comes to the government.  Look, Big Bro – we don't have any secrets.  You know the bad and the good I've done.  Listen to my phone conversations, comb my email, and monitor my network traffic.  It's OK – I'm over it now.  But, for crying out loud, be smart about it.  Whether you do it through "legal" means or otherwise, you're still opening the door for everyone else out there to get to my information; and that I do care about.

See, for every encrypted tunnel out there is a host of hackers dying to look down it.  Snowden didn't scratch the surface with his revelations – I suspect he was really only stating the obvious.  The real issue is that, especially with the tech described in this article – our favorite cartoon Spy vs Spy has moved from anvils, bombs and guns to bots, malware, injection and sniffing.  Name the US government agency electronically connecting to your data and I'll show you a foreign government-employed hacker trying to ride that connection and share in the booty, and a host of cyber criminals right behind him.

So, what I'm asking you, Big Bro, is – and I can't believe I'm saying this – to please get better at spying on us, secure your connections and software better, and please keep all my private information just between us!


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/27/2020
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, Kroll,  10/21/2020
Botnet Infects Hundreds of Thousands of Websites
Robert Lemos, Contributing Writer,  10/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8260
PUBLISHED: 2020-10-28
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
CVE-2020-8261
PUBLISHED: 2020-10-28
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
CVE-2020-8262
PUBLISHED: 2020-10-28
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
CVE-2020-8263
PUBLISHED: 2020-10-28
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.
CVE-2020-8239
PUBLISHED: 2020-10-28
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.