Monday, January 27, 2014

NSA and GCHQ mine 'leaky mobile apps' for treasure drove of data

Wildly popular mobile games such as Angry Birds have been targeted by the NSA and U.K. counterpart GCHQ, per the latest leak by The Guardian from the cache of former NSA contractor Edward Snowden-provided documents. It's not about having fun, though.

The report says that the NSA and GCHQ have deemed such games "leaky," meaning they transmit the private information of end users' across the internet, where they can be intercepted by the spy organizations.

What sort of data are we talking about? Not only does it include the smartphone model (which, explicitly or not, will reveal the platform) and screen size, some apps transmit personal details such as age, sex and location.

Some apps go so far as to share very sensitive information -- such as sexual orientation. One app, the documents said, recorded specific marital status which included the category "swinger."

The New York Times, reporting on the same documents, said that data collection began as early as 2007.

It is somewhat unnerving to see what information the organizations could mine from a simple image uploaded to a social media site, otherwise known as the NSA's perfect scenario. That event is described in a slide from "Golden Nugget," an NSA presentation from May 2010 as "Target uploading photo to a social media site taken with a mobile device. What can we get?"

In the notes to the slide, the NSA said it could obtain a "possible image", email selector, phone, buddy lists, and "a host of other social working data as well as location."

In addition to apps such as video games, the two spy agencies delved deeply into the infomation from Google Maps. As you might expect, the location data from the app could be a gold mine. One top-secret NSA report from 2007 said that so much data was collected from the app that agents would “be able to clone Google’s database” of global searches for directions.

No comments: