by Tyler Durden
July 09, 2013
from
ZeroHedge Website
Over a decade ago, it was discovered that
the NSA embedded
backdoor access into Windows 95, and likely into virtually all other
subsequent internet connected, desktop-based operating systems.
However,
with the passage of time, more and more people went "mobile", and as a
result the NSA had to adapt.
And adapt they have, as
Bloomberg
Businessweek reports,
"The
NSA is quietly writing code for Google’s Android OS."
Is it ironic that the same "don't be evil"
Google which went to such great lengths in the aftermath of the Snowden
scandal to wash its hands of snooping on its customers and even
filed a request with the secretive FISA court asking permission to
disclose more information about the government’s data requests, is embedding
NSA code into its mobile operating system,
which according to IDC runs on
three-quarters of all smartphones shipped in the first quarter?
Yes, yes it is.
Google spokeswoman Gina Scigliano
confirms that the company has already
inserted some of the NSA’s programming in Android OS.
"All Android
code and contributors are publicly available for review at
source.android.com," Scigliano says, declining to comment further.
From
Bloomberg Businessweek (far below report):
Through its open-source Android project, Google has agreed to
incorporate code, first developed by the agency in 2011, into future
versions of its mobile operating system,
which according to market researcher IDC runs on three-quarters of the
smartphones shipped globally in the first quarter.
NSA officials say their code, known as
Security Enhancements for Android, isolates apps to prevent hackers and
marketers from gaining access to personal or corporate data stored on a
device.
Eventually all new phones, tablets,
televisions, cars, and other devices that rely on Android will include
NSA code, agency spokeswoman Vanee’ Vines said in an
e-mailed statement. NSA researcher Stephen Smalley, who works on the
program, says,
“Our goal is to raise the bar in the security of
commodity mobile devices.”
See, there's no need to worry: the reason the
NSA is generously providing the source code for every Google-based
smartphone is for your own security. Oh but it's open-sourced, so
someone else will intercept any and all attempts at malice. We forgot.
The story continues:
In a 2011 presentation obtained by Bloomberg
Businessweek, Smalley listed among the benefits of the program that it’s
“normally invisible to users.”
The program’s top goal, according to that presentation:
“Improve our
understanding of Android security.”
Well one wouldn't want their bug to be
visible to users now, would one...
Vines wouldn’t say whether the agency’s work
on Android and other software is part of or helps with Prism.
“The
source code is publicly available for anyone to use, and that includes
the ability to review the code line by line,” she said in her statement.
Most of the NSA’s suggested additions
to the operating system can already be found buried in Google’s latest
release - on newer devices including Sony’s Xperia Z, HTC’s One, and
Samsung Electronics’ Galaxy S4.
Although the features are not
turned on by default, according to agency documentation,
future versions will be.
In
May the Pentagon approved the use of smartphones and tablets that run
Samsung’s mobile enterprise software, Knox, which also includes NSA
programming, the company wrote in a June white paper.
Sony, HTC, and
Samsung declined to comment.
Apple appears to be immune from this
unprecedented breach of customer loyalty, if only for now, although
open-sourced Linux may not be as lucky:
“Apple does not accept source code
from any government agencies for any of our operating systems or other
products,” says Kristin Huguet, a spokeswoman for the company.
It’s not
known if any other proprietary operating systems are using NSA code.
SE for Android is an offshoot of a
long-running NSA project called Security-Enhanced Linux. That
code was integrated a decade ago into the main version of the
open-source operating system, the server platform of choice for Internet
leaders including Google, Facebook, and Yahoo!.
Jeff Zemlin,
the executive director of the Linux Foundation, says the NSA didn’t add
any obvious means of eavesdropping.
“This code was peer-reviewed by a
lot of people,” he says.
But that's not all:
The NSA developed a separate Android project
because Google’s mobile OS required markedly different programming,
according to Smalley’s 2011 presentation.
Brian Honan, an information
technology consultant in Dublin, says his clients in European
governments and multinational corporations are worried about how
vulnerable their data are when dealing with U.S. companies.
The
information security world had been preoccupied with Chinese hacking
until recently, Honan says.
“With Prism, the same accusations can be
laid against the U.S. government.”
In short: the (big brother supervised) fun never
stops in Stasi 2.0 world.
Just buy your 100 P/E stocks, eat your burgers,
watch your Dancing With The Stars, pay your taxes, and engage in as much
internet contact with other internet-addicted organisms as possible and all
shall be well.
Oh, and from this...
...to this...
(courtesy of @paradism_)
Security-Enhanced Android
-
NSA Edition
by Mark Milian
July 03, 2013
from
BloombergBusinessWeek Website
Tech giants listed as part of the National Security Agency’s
Prism spying
program have gone to some lengths to convince the world they aren’t in bed
with the U.S. government.
Google has filed a request with the U.S.
Foreign Intelligence Surveillance Act court asking permission to disclose
more information about the government’s data requests. So there’s a certain
irony that NSA programmers are now refining code that Google has approved
for the company’s mobile
operating system, Android.
Google spokeswoman Gina Scigliano confirms that the company has already inserted some of the NSA’s
programming in Android OS.
“All Android code and contributors are publicly
available for review at source.android.com,” Scigliano says, declining to
comment further.
Through its open-source Android project, Google has agreed to incorporate
code, first developed by the agency in 2011, into future versions of its
mobile operating system, which according to market researcher IDC runs on
three-quarters of the smartphones shipped globally in the first quarter.
NSA
officials say their code, known as Security Enhancements for Android,
isolates apps to prevent hackers and marketers from gaining access to
personal or corporate data stored on a device.
Eventually all new phones,
tablets, televisions, cars, and other devices that rely on Android will
include NSA code, agency spokeswoman Vanee’ Vines said in an e-mailed
statement.
NSA researcher Stephen Smalley, who works on the program, says,
“Our goal is to raise the bar in the security of commodity mobile devices.”
In a 2011 presentation obtained by Bloomberg Businessweek, Smalley listed
among the benefits of the program that it’s “normally invisible to users.”
The program’s top goal, according to that presentation:
“Improve our
understanding of Android security.”
Vines wouldn’t say whether the agency’s work on Android and other software
is part of or helps with Prism.
“The source code is publicly available for
anyone to use, and that includes the ability to review the code line by
line,” she said in her statement.
Most of the NSA’s suggested additions to
the operating system can already be found buried in Google’s latest
release - on newer devices including,
Although the features
are not turned on by default, according to agency documentation, future
versions will be.
In May the Pentagon approved the use of smartphones and
tablets that run
Samsung’s mobile enterprise software, Knox, which also
includes NSA programming, the company wrote in a June white paper.
Sony, HTC,
and Samsung declined to comment.
“Apple does not accept source code from any government agencies for
any of our operating systems or other products,” says Kristin Huguet, a
spokeswoman for the company.
It’s not known if any other proprietary
operating systems are using NSA code. SE for Android is an offshoot of a
long-running NSA project called Security-Enhanced Linux.
That code was
integrated a decade ago into the main version of the open-source operating
system, the server platform of choice for Internet leaders including Google, Facebook,
and Yahoo!.
Jeff Zemlin, the executive director of the
Linux Foundation, says the NSA didn’t add any obvious means of
eavesdropping.
“This code was peer-reviewed by a lot of people,” he says.
The NSA developed a separate Android project because Google’s mobile OS
required markedly different programming, according to Smalley’s 2011
presentation.
Brian Honan, an information technology consultant in Dublin,
says his clients in European governments and multinational corporations are
worried about how vulnerable their data are when dealing with U.S.
companies.
The information security world had been preoccupied with Chinese
hacking until recently, Honan says.
“With Prism, the same accusations can be
laid against the U.S. government.”
The bottom line: The NSA is quietly writing code for Google’s Android OS.
Google says anyone has the right to do so.
