NSA/GCHQ <3 Angry Birds and Google Maps and just LOOOVES smartphones in general

The NSA’s “Golden Nugget” perfect scenario:
“Target uploading photo to a social media site taken with a mobile device.”

What can they get? “a “possible image”, email selector, phone, buddy lists, and “a host of other social working data as well as location”.”

Also: “Anyone using Google Maps on a smartphone is working in support of a GCHQ system.”

What do they call their smartphone-backdooring software plugins?

DREAMY SMURF (Power management), NOSEY SMURF (“hot mic” room bugging), TRACKER SMURF (geolocation), PORUS (kearnel stealth), and PARANOID SMURF (self protection).

By the way…

When it comes to iPhone, “if it’s on the phone, we can get it.” When it comes to Android, “if it’s on the phone, we think we can get it.”

(this was as of 4 years ago, it probably hasn’t gotten any better, and probably gotten much worse.

Plus (or, well, minus?) — “redaction FAIL!”

The NYTimes tried redacting their PDFs using the much-loved “just draw a big black box over the secret text.”

Nobody told them beforehand that keen observers have been un-redacting this kind of redaction for years. Cryptome got a copy of the improperly redacted documents.

This marks the first time an NSA employee’s name was released in connection with the Snowden leaks[1].

Oddly redacted was the code / pseduocode used to extract EXIF data from sniffed images… it’s unclear why. (also from [1])

[2] shows only the redaction of some acronyms, and that they could access communications satellites. Not sure at all why the journalists blacked out that.

By the way, as to apps that protect — or not — the privacy of those unlucky enough to be smartphone-addicted, Foursquare sucks particularly badly. The Verge has an analysis of different apps.[3]

[1] http://cryptome.org/2014/01/nsa-smartphones-analysis.pdf [2] http://cryptome.org/2014/01/gchq-mobile-theme.pdf
[3] http://www.theverge.com/2012/2/14/2798008/ios-apps-and-the-address-book-what-you-need-to-know


%d bloggers like this: