Monthly Archives: March 2017

Security experts at Trend Micro have discovered a new PoS malware, tracked as MajikPOS, that is targeting businesses in North America.

The experts explained that MajikPOS has the same capabilities as any other PoS malware, but its modular approach to execution sets it apart.

The first attacks using MajikPOS were observed at the end of January 2017; the malicious code combines features of PoS malware and of a remote access Trojan (RAT).

“We’ve uncovered a new breed of point-of-sale (PoS) malware currently affecting businesses across North America and Canada: MajikPOS (detected by Trend Micro as TSPY_MAJIKPOS.A),” reads the analysis shared by Trend Micro. “Like a lot of other PoS malware, MajikPOS is designed to steal information, but its modular approach in execution makes it distinct.”

In the past, researchers have observed other PoS malware built from multiple components, each with a different task (e.g. the updated version of FastPOS, Gorynych, ModPOS), but according to Trend Micro the modular structure of MajikPOS is different: it needs only one additional component, fetched from the server, to carry out its RAM-scraping routine.

MajikPOS is written for the .NET Framework and uses an encrypted communication channel to evade detection.

The crooks did not use sophisticated techniques to compromise their targets: they gained access to the PoS systems through brute-force attacks on Virtual Network Computing (VNC) and Remote Desktop Protocol (RDP) services protected by easy-to-guess passwords.

In some cases, the cyber criminals used Command-line FTP (File Transfer Protocol) or a modified version of Ammyy Admin to install the MajikPOS malware.

In other cases, the attackers used RATs that had already been installed on the systems; the researchers noticed that in several attacks these RATs had been installed on the targets’ machines between August and November 2016.

Looking at other MajikPOS tricks, the experts noticed that its operators used common lateral-movement tools to reach other systems on the host network.

Once installed on a machine, the malicious code connects to the C&C server and receives a configuration file with three entries to be used later.

Below is an image of the C&C panel, which is called Magic Panel.

MajikPOS C2 Panel

The RAM-scraping component of the threat is called Conhost.exe; it scans memory for card data of the major card issuers, including American Express, Diners Club, Discover, Maestro, Mastercard, and Visa.

It verifies the credit card’s track data and then sends it to the C&C server via HTTP POST.

“After verifying the credit card’s track data, the information is sent to the C&C server via HTTP POST, Action=”bin”.” continues the post published by Trend Micro.
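The scan-verify-classify loop described above, as an added example in Python (not MajikPOS code and not Trend Micro’s): it pattern-matches ISO/IEC 7813 Track 1 and Track 2 data in a raw byte buffer, drops false matches with the Luhn check, and classifies hits by issuer from the leading digits. The same logic run over a process dump is how a forensic check finds cleartext card data on a PoS host. The memory excerpt and the issuer prefix table are constructed for illustration; the PANs are the well-known test numbers, not real cards.

```python
"""Track-data scan of a memory buffer, in the style of a PoS RAM scraper.

Added example, not MajikPOS code: pattern-match ISO/IEC 7813 track data,
validate the PAN with the Luhn check, classify by issuer prefix.
"""
import re

# Simplified ISO/IEC 7813 layouts:
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
#   Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})[^?]*\?")
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")

# Issuer by leading digits (assumed, abbreviated table). Order matters:
# Maestro's "5"/"6" ranges overlap Mastercard's and Discover's.
ISSUER_PREFIXES = [
    ("American Express", ("34", "37")),
    ("Diners Club", ("36", "38", "300", "301", "302", "303", "304", "305")),
    ("Discover", ("6011", "65")),
    ("Mastercard", ("51", "52", "53", "54", "55")),
    ("Maestro", ("50", "56", "57", "58", "6")),
    ("Visa", ("4",)),
]


def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check: discards random digit runs that happen to match."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def issuer_of(pan: str) -> str:
    for name, prefixes in ISSUER_PREFIXES:
        if pan.startswith(prefixes):
            return name
    return "unknown"


def scan_buffer(buf: bytes) -> list:
    """Return one record per Luhn-valid track record found in the buffer."""
    hits = []
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"track": 1, "pan": pan, "issuer": issuer_of(pan),
                         "expiry": m.group(3).decode(), "service": m.group(4).decode()})
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"track": 2, "pan": pan, "issuer": issuer_of(pan),
                         "expiry": m.group(2).decode(), "service": m.group(3).decode()})
    return hits


# Constructed process-memory excerpt: noise, one Track 1 record (Visa test
# PAN), one Track 2 record (Mastercard test PAN) and one Track 2 record whose
# PAN fails the Luhn check and must be ignored.
SAMPLE_MEMORY = (
    b"\x00\x00pos.exe\x00\x90\x90"
    b"%B4111111111111111^DOE/JOHN^25121011234567890?"
    b"\x00\xff\x13GET /status HTTP/1.1\r\n"
    b";5555555555554444=2401201123456789?"
    b"\x00;4111111111111112=2512101?\x00\x00"
)

if __name__ == "__main__":
    for hit in scan_buffer(SAMPLE_MEMORY):
        print(hit)
```

Running the block prints two records (the Visa Track 1 and the Mastercard Track 2) and silently skips the third, Luhn-invalid one; that filtering is what the Trend Micro write-up means by “verifying the credit card’s track data” before the POST to the C&C server.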

Further investigation allowed the experts to discover that the registrant for the Magic Panel servers also registered many other websites used to sell stolen credit card data.

According to Trend Micro, the websites run by the gang behind the threat currently offer around 23,400 stolen credit card tracks for sale, priced between $9 and $39 depending on the type of card. The crooks also offer bulk packages of 25, 50, and 100 cards, priced at $250, $400, and $700 respectively.

“Some of these websites were advertised on carding forums as early as February 2017 by a user called “MagicDumps”, who has been updating the forums for new dumps based on location—mostly in the U.S. and Canada.” added Trend Micro.

As a mitigation, the experts recommend properly configured chip-and-PIN cards together with end-to-end encryption; unfortunately, many merchants still haven’t implemented the PIN part of the chip-and-PIN process. Note that chip-and-PIN mainly makes cloned cards useless; it is end-to-end (point-to-point) encryption that keeps cleartext track data out of the PoS host’s memory, where a RAM scraper looks for it.

 

via:  securityaffairs

Microsoft’s Azure cloud storage had a rough night

Disruption comes weeks after AWS’s storage platform had high error rates.

On Wednesday night into the early hours of Thursday, Microsoft reported that its Azure cloud customers had difficulty provisioning storage resources, particularly in its East US region.

The service disruption had a domino effect that hit many other services too, including its cloud-based SQL database platform. The issue was first reported at 21:50 UTC and was resolved by about 6:00 on Thursday.

“Due to an incident in East US affecting Storage, customers and services dependent on Storage may have experienced difficulties provisioning new resources or accessing their existing resources in the region,” Microsoft reported on its Azure health status page. Other services impacted include: Azure Media Services, Application Insights, Azure Logic Apps, Azure Data Factory, Azure Site Recovery, Azure Cache, Azure Search, Azure Service Bus, Azure Event Hubs, Azure SQL Database, API Management and Azure Stream Analytics.

While that issue was ongoing on Wednesday at 22:42 UTC, another “underlying storage incident” occurred that impacted storage management services, preventing customers from being able to provision new storage resources or add storage to existing workloads. Existing workloads were not impacted though, Microsoft said. That issue impacted Azure Search, Azure Monitor, Azure Site Recovery, Azure Batch and Visual Studio Team Services build. The issue was resolved within a couple of hours.

This Azure storage disruption comes a couple of weeks after Amazon Web Services’ Simple Storage Service (S3) experienced increased error rates that impacted many sites across the Internet.

Microsoft says it will release a Root Cause Analysis to explain details of the situation.

 

via:  networkworld

3 steps to boost your career in the cloud

Stuck in a rut in your IT job? Here’s how to work the shift to the cloud to your personal advantage.

It’s not easy to get ahead in large enterprises. Companies of that size are typically awash in policies and procedures that affect how far and how fast you can go as an employee. Years ago, I remember working for a Global 2000 company where it was understood that you had to leave and come back to get any kind of career acceleration.

These days, with the cloud technology talent shortage and the higher cost of that talent, companies are a bit more pragmatic. My advice to people stuck in the big-company IT job rut is to work the hype around cloud for your own career advantage. Here’s how:

First, you need to put in the extra time to learn all you can. Attend most of the local cloud computing meetups. There are Amazon Web Services meetups, cloud security meetups, and so on. Also, get all the certifications you can reasonably acquire. They are all in demand, and you can take the courses at any time without entering a classroom.

Second, make sure the powers that be are aware of your newly acquired skills. Give workshops at your company on cloud computing technology for all who will attend. Write articles for the company’s publications—and for outside publications, if they will have you. Don’t brag, but do let as many people as possible know you have cloud computing chops.

Third, target emerging cloud projects, not jobs. Figure out when and where cloud computing will show up in your company, as well as who owns the budget. Don’t be afraid to offer help. Some projects are hard to get into because some managers treat them as exclusive clubs. However, when it comes to them deciding whether to hire new employees or outside consultants, you’re already sitting there with the skills they need, and that will likely push them in your direction. Negotiate your new pay and job at that point.

The lesson here is often repeated with new technology: With a bit of ambition and some willingness to give up personal time, a lot of personal good can come.

 

via:  infoworld

The risks of using personal social media at work

Many businesses actively encourage their employees to use social media at work, hoping they will become “brand advocates” who talk about the company’s products and services. Employers also hope that their workers’ accounts will give the company a “human” face.

But as good as these intentions are, you should carefully consider whether you really want to use your social media accounts at work. Because there are a few potential issues to be aware of.

Increased risk of downloading malware

Social media is a brilliant tool for sharing links, videos and interesting information with your friends online. But not all those links go to good places – quite often those pages will have adware, malware or computer viruses lurking in the background, trying to download themselves onto your computer.

If malware does install itself on your work computer, it could cause serious damage to the rest of the network. The time and costs associated with fixing these issues could seriously hurt your company – and maybe even lose you your job, even if it was an accident.

Possible negative press

There are dozens of examples of situations where someone has made a joke online, but one of their followers has taken offence. The issue quickly escalates, as strangers offer criticisms – and sometimes even threats.

The fall-out from these incidents also affects that person’s employer, since some people wrongly assume that the individual and their company are inextricably linked. The company then feels it must act to regain control of the situation, up to and including sacking the employee involved.

Wasting time

With so much interesting information available on Facebook, Twitter, Instagram etc, it is very easy to spend hours catching up on what people are sharing. But if you spend too long on non-work related tasks, you will run into problems getting your actual work done.

When the quality of your work starts to decline, you could be disciplined by your employer – and potentially sacked if things go too far.

Protecting yourself at work

Before you start using your personal social media accounts at work, you should have a conversation with your boss. You should ask how your employer expects you to behave:

  • What kind of malware and content-blocking tools will they deploy to prevent viruses being downloaded accidentally?
  • What protections are in place in the event of a social media disaster? Is there a plan to protect the business and the employees?
  • What constitutes fair use? How much is too much? Can you do whatever you like online, so long as your work is being done?

It is only by establishing these guidelines up front that you can hope to avoid accidentally breaking one of them, risking your job. By being smart, both you and your business avoid trouble and gain the benefits offered by social media.

 

via:  pandasecurity

Tape Over Your Hard Drive Lights: The Latest Security Hardening Measure

When hard disk drives hold highly sensitive data, security professionals like myself will usually recommend that they not be placed in any computer that has an operational TCP/IP stack. Internet-connected computers can defend themselves in various ways, such as firewalls, IPS devices, antivirus software, and OS hardening, and that is good enough for most personal and professional computing needs.

Some risk of attack always remains even with those precautions, and most computers do need the internet. But when attackers really want your data, as in the financial industry or in intelligence, the best bet is for your most sensitive data storage to have no network connectivity whatsoever. That technique is called air-gapping.

Well, these days, air-gapping may no longer be enough. Can people see your HDD’s blinky lights?

Mordechai Guri of Ben-Gurion University has found a new way for attackers to get data off air-gapped machines. Guri and his research team developed user-level malware that leaks data through the HDD activity LED, by driving disk reads so that the LED blinks in a controlled pattern. The challenge for an attacker is getting the malware onto the air-gapped machine in the first place, but removable media such as a USB stick or an optical disc will do. Socially engineer your way to physical access to a target machine, and bingo!

Guri’s team has focused on the security of air-gapped machines for years. The technique they developed improves on previous methods of getting data out of air-gapped computers because it is more covert and the malware doesn’t require kernel-level privileges.

Here’s how an attacker could implement Guri’s attack. An attacker puts the malware on some sort of removable media. Then they acquire physical access to a target machine. If the USB ports haven’t been disabled from mounting filesystems, or the optical drives haven’t been disabled from reading discs, there’s an easy way in. They don’t need to go through an administrator, privilege-escalate, or crack an admin password because the malware is user-level.

The next step follows once the malware is in the target machine. A camera gets a view of the target machine’s HDD light. (Guri’s team used a camera attached to a drone in their research.) Software attached to the camera interprets the light signals, or a video file taken from the camera is read by the same sort of software. Then the attacker has the data that they want.

An LED blinking at 4,000 Hz is invisible to the human eye. Guri’s team was able to transmit a 4,096-bit encryption key in anywhere from a few minutes down to mere seconds, depending on the quality of the camera receiving it. Wow! The channel is slow, but some of the most sensitive data, such as keys, is very small.
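A toy model of the channel just described, added here as an example in Python (not the Ben-Gurion team’s code): the sender turns the LED on or off for one symbol per bit, a camera records brightness at a fixed frame rate, and the receiver thresholds the recording, syncs on a preamble and reads the bits back. The framing (sync preamble plus a 16-bit length), symbol rate and noise model are assumptions chosen for illustration, and the “camera frames” are constructed rather than a real recording. The transfer-time helper shows why the camera, not the LED, sets the speed: the same 4,096-bit key takes minutes at a consumer frame rate and about a second at a high-speed one.

```python
"""Toy on-off-keyed (OOK) LED covert channel: transmitter and camera-side receiver.

Added example, not research code. Framing, symbol rate and noise are assumed.
"""
import random

PREAMBLE = [1, 0, 1, 0, 1, 0, 1, 1]  # assumed sync pattern the receiver looks for


def bytes_to_bits(data: bytes) -> list:
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def bits_to_bytes(bits: list) -> bytes:
    usable = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8))


def encode(payload: bytes, frames_per_symbol: int) -> list:
    """LED drive signal: one value per camera frame, 1 = LED on, 0 = LED off.

    On the sender this is realised by issuing (or withholding) disk reads so
    that the activity LED is lit for the duration of each '1' symbol.
    """
    length_bits = bytes_to_bits(len(payload).to_bytes(2, "big"))
    symbols = PREAMBLE + length_bits + bytes_to_bits(payload)
    return [s for s in symbols for _ in range(frames_per_symbol)]


def simulate_camera(led_frames: list, noise: float = 0.15, seed: int = 1) -> list:
    """Constructed brightness samples: LED state plus uniform sensor noise."""
    rng = random.Random(seed)
    return [f + rng.uniform(-noise, noise) for f in led_frames]


def decode(brightness: list, frames_per_symbol: int):
    """Threshold each frame, sample one frame per symbol, sync on the preamble."""
    threshold = (max(brightness) + min(brightness)) / 2
    mid = frames_per_symbol // 2
    # Assumes the recording is aligned to symbol boundaries; a real receiver
    # would recover symbol timing from the preamble edges.
    symbols = [int(brightness[i + mid] > threshold)
               for i in range(0, len(brightness) - frames_per_symbol + 1, frames_per_symbol)]
    for start in range(len(symbols) - len(PREAMBLE) + 1):
        if symbols[start:start + len(PREAMBLE)] != PREAMBLE:
            continue
        pos = start + len(PREAMBLE)
        if len(symbols) < pos + 16:
            return None  # recording ended inside the length field
        length = int.from_bytes(bits_to_bytes(symbols[pos:pos + 16]), "big")
        pos += 16
        bits = symbols[pos:pos + 8 * length]
        if len(bits) < 8 * length:
            return None  # recording ended before the payload did
        return bits_to_bytes(bits)
    return None  # no sync pattern found


def transfer_seconds(payload_bits: int, camera_fps: float, frames_per_symbol: int) -> float:
    """Wall-clock time to send a payload: the camera frame rate caps the symbol rate."""
    overhead = len(PREAMBLE) + 16
    symbol_rate = camera_fps / frames_per_symbol
    return (payload_bits + overhead) / symbol_rate


if __name__ == "__main__":
    key = b"KEY:0123"
    frames = [0] * 8 + encode(key, 4)          # two idle symbols, then the burst
    print(decode(simulate_camera(frames), 4))  # b'KEY:0123'
    print(round(transfer_seconds(4096, 60, 2)), "s for a 4096-bit key at 60 fps")      # 137
    print(round(transfer_seconds(4096, 8000, 2), 2), "s at 8000 fps")                  # 1.03
```

The receiver needs at least two frames per symbol to sample each bit reliably, so a 60 fps camera limits the link to about 30 bit/s while a high-speed camera keeps up with the 4,000 Hz blink rate; that is the “depending on the camera” in the article, made concrete.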

So, to harden against Guri’s exploit, here’s what you can do:

  • Lock down physical access to your data center in the usual ways. That reduces the likelihood of removable media introducing malware onto an air-gapped machine.
  • Disable USB ports, optical drives, and HDD connections that don’t absolutely need to be enabled.
  • Make sure that your server room has no windows.
  • Or, the simplest measure is to put opaque tape over your LEDs.

A roll of duct tape can be purchased from Amazon for as low as 68 cents. $4.52 shipping to my mailing address would bring the grand total to just under five bucks. What an affordable cybersecurity measure!

But the risk of increasingly inventive and covert techniques to extract data from air-gapped machines must not be trivialized. Frankly, I didn’t even think of the possibility of an HDD LED light as a vulnerability until Guri’s research was publicized. Information security researchers must really think outside of the box these days!

 

via:  tripwire

Apache Struts bug is under attack, patch now

Due to the Jakarta Multipart parser in Apache Struts mishandling Content-Type headers, an attacker can remotely execute code on vulnerable systems.

Apache Software Foundation has patched a remote code execution vulnerability affecting the Jakarta Multipart parser in Apache Struts. Administrators need to update the popular Java application framework or put workarounds in place because the vulnerability is actively being targeted in attacks.

The issue affects Apache Struts versions 2.3.5 through 2.3.31 and versions 2.5 through 2.5.10. The presence of vulnerable code is enough to expose the system to attack—the web application doesn’t need to implement file upload for attackers to exploit the flaw, said researchers from Cisco Talos.

Talos “found a high number of exploitation events,” said Cisco threat researcher Nick Biasini. “With exploitation actively underway, Talos recommends immediate upgrading if possible or following the workaround referenced in the above security advisory.”

The remote code execution vulnerability (CVE-2017-5638) in the Jakarta Multipart parser is the result of improper handling of the Content-Type header, Apache said in its emergency security advisory. The header indicates the media type of the resource, such as when the client tells the server what type of data was sent as part of a POST or PUT request, or the server telling the client what type of content is being returned as part of the response. The flaw is triggered when Struts parses a malformed Content-Type HTTP header and lets attackers remotely take complete control of the system without needing any kind of authentication.

“It is possible to perform a RCE [remote code execution] attack with a malicious Content-Type value. If the Content-Type value isn’t valid an exception is thrown which is then used to display an error message to a user,” Apache said in its advisory.

  • System administrators using the Jakarta-based file-upload Multipart parser, which is the default in the Struts 2 framework, should upgrade to Apache Struts 2.3.32 or 2.5.10.1.
  • Alternatively, administrators can switch to a different Multipart parser implementation, such as the Pell parser plugin, which doesn’t use the Commons FileUpload library and is therefore not at risk.
  • Another workaround is to implement a Servlet filter to validate Content-Type and throw away requests with suspicious values.
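The third workaround, a filter that validates Content-Type before Struts sees it, as an added example (Python, not Apache’s code and not a drop-in Java Servlet Filter): a request passes only if the header is a syntactically valid RFC 7231 media type, and anything carrying OGNL expression syntax is rejected outright, since that is what the CVE-2017-5638 payloads are built from. The sample requests are constructed; the malicious one copies only the outer shape of the public proof of concept, not a working exploit.

```python
"""Content-Type gate in the spirit of the Struts advisory's Servlet-filter workaround.

Added example, not Apache's code. Accept only a valid media type; reject OGNL.
"""
import re

# RFC 7230/7231 grammar: media-type = type "/" subtype *( OWS ";" OWS parameter )
TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]"
TOKEN = rf"{TCHAR}+"
QUOTED_STRING = r'"(?:[^"\\]|\\.)*"'
PARAMETER = rf"\s*;\s*{TOKEN}=(?:{TOKEN}|{QUOTED_STRING})"
MEDIA_TYPE_RE = re.compile(rf"^{TOKEN}/{TOKEN}(?:{PARAMETER})*\s*$")

# Markers of an OGNL expression; no legitimate media type contains them.
OGNL_MARKERS = ("%{", "${")


def content_type_allowed(header):
    """Return (allowed, reason). A missing header is fine; a malformed one is not."""
    if header is None:
        return True, "no Content-Type header"
    for marker in OGNL_MARKERS:
        if marker in header:
            return False, f"OGNL expression marker {marker!r} in Content-Type"
    if not MEDIA_TYPE_RE.match(header):
        return False, "Content-Type is not a valid media type"
    return True, "valid media type"


def filter_requests(requests):
    """Apply the gate to constructed request dicts; return (path, reason) for each one blocked."""
    blocked = []
    for req in requests:
        allowed, reason = content_type_allowed(req["headers"].get("Content-Type"))
        if not allowed:
            blocked.append((req["path"], reason))
    return blocked


# Constructed requests: three benign, one OGNL in the header (shape of the public
# PoC only), one OGNL smuggled in a parameter, one simply malformed.
SAMPLE_REQUESTS = [
    {"path": "/login.action", "headers": {"Content-Type": "application/x-www-form-urlencoded"}},
    {"path": "/upload.action", "headers": {"Content-Type": "multipart/form-data; boundary=----Boundary7MA4YWxk"}},
    {"path": "/index.action", "headers": {}},
    {"path": "/index.action", "headers": {"Content-Type": "%{(#_='multipart/form-data').(#x=1)}"}},
    {"path": "/upload.action", "headers": {"Content-Type": "multipart/form-data; boundary=x; e=${1}"}},
    {"path": "/upload.action", "headers": {"Content-Type": "multipart/form-data boundary=x"}},
]

if __name__ == "__main__":
    for path, reason in filter_requests(SAMPLE_REQUESTS):
        print(f"blocked {path}: {reason}")
```

The check must run before the framework’s multipart handling: the bug is triggered while Struts parses the header, so a filter placed after the action mapping is too late. In a real deployment the same grammar would go into a Java Filter (or a WAF rule) in front of the Struts dispatcher; the point of the strict grammar is that a well-formed media type can never contain the `%{`, `(` or `@` characters an OGNL payload needs.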

Cisco Talos observed two types of attacks: probing, to find out what the target network and systems look like, and malware distribution. The majority of the attacks appear to use a publicly released proof of concept to run various commands, from simple ones such as whoami to more sophisticated ones that pull down and run malicious ELF executables. For example, an attacker can use whoami as a probe to determine whether the system is vulnerable and to find the user the service runs as. If the command returns a privileged user, the attacker can continue with a more sophisticated set of commands, Biasini said.

Talos also observed other attacks which turn off firewall processes and download malicious payloads from a remote server. “The payloads have varied but include an IRC bouncer, a DoS bot, and a sample related to the bill gates botnet,” Biasini wrote.

Apache classified the vulnerability (S2-045) as high risk in its advisory, but it doesn’t currently have a Common Vulnerability Scoring System (CVSS) score. Since the flaw requires no authentication, is not difficult to exploit, and can result in information disclosure and complete system compromise, the final score could be a 10, the highest and most critical rating possible under the system.

Qualys has developed a test probe, which sends a GET request to certain directories and tries to run the ifconfig or ipconfig command, to detect whether a system is vulnerable, said Amol Sarwate, director of engineering at Qualys. A Metasploit module is also already available.

If updating Struts is not an option, Cisco Talos researchers recommended configuring next-generation intrusion prevention systems, next-generation firewalls, and web application firewalls with the appropriate rules to block attempts to exploit the vulnerability. Cisco customers can get the latest sets of rules through Defense Center, FireSIGHT Management Center, or Snort.org (SID 41818, 41819), Biasini said.

“It is likely that the exploitation will continue in a wide scale since it is relatively trivial to exploit and there are clearly systems that are potentially vulnerable,” Biasini said.

 

via:  infoworld

Beware! Pre-Installed Android Malware Found On 36 High-end Smartphones

android-malware-apps

Bought a brand new Android Smartphone? Do not expect it to be a clean slate.
At least 36 high-end smartphone models belonging to popular manufacturing companies such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo, which are being distributed by two unidentified companies have been found pre-loaded with malware programs.
These malware infected devices were identified after a Check Point malware scan was performed on Android devices. Two malware families were detected on the infected devices: Loki and SLocker.
According to a blog post published Friday by Check Point researchers, these malicious software apps were not part of the official ROM firmware supplied by the smartphone manufacturers but were installed later somewhere along the supply chain, before the handsets arrived at the two companies from the manufacturer’s factory.

 

First seen in February 2016, the Loki Trojan injects itself into core Android operating system processes to gain root privileges. It also includes spyware-like features, such as grabbing the list of installed applications, browser history, contact list, call history, and location data.
SLocker, on the other hand, is mobile ransomware that locks victims’ devices for ransom and communicates over Tor to hide the identity of its operators.

 

List of Popular Smartphones Infected with Malware

Here’s the list of infected smartphones:

  • Galaxy Note 2
  • LG G4
  • Galaxy S7
  • Galaxy S4
  • Galaxy Note 4
  • Galaxy Note 5
  • Xiaomi Mi 4i
  • Galaxy A5
  • ZTE x500
  • Galaxy Note 3
  • Galaxy Note Edge
  • Galaxy Tab S2
  • Galaxy Tab 2
  • Oppo N3
  • Vivo X6 plus
  • Nexus 5
  • Nexus 5X
  • Asus Zenfone 2
  • Lenovo S90
  • Oppo R7 Plus
  • Xiaomi Redmi
  • Lenovo A850

The malware backdoor offers its operator unrestricted access to these infected devices, from downloading, installing and activating Android malicious apps, deleting user data, uninstalling security software and disabling system apps, to dialing premium phone numbers.

 

This incident underscores the dangers of untrusted supply chains, and experts are quite worried about the security of the supply chain with reports of over 20 incidents where rogue retailers have managed to pre-install malware on new Android handsets.

Here’s How to Remove the Malware Infections:

Since the malware programs were installed to the device’s ROM using system privileges, it’s hard to get rid of the infections.
To remove the malware from the infected devices, either you can root your device and uninstall the malware apps easily, or you would need to completely reinstall the phone firmware/ROM via a process called “Flashing.”
Flashing is a complex process, and it is recommended that users power off their device and approach a certified technician/mobile service provider.
It’s not the first time when high-end smartphones have been shipped pre-installed with malicious apps that can covertly siphon sensitive user data.
In December last year, certain low-cost Android smartphones and tablets were found to ship with malicious firmware that covertly gathered data about the infected devices, displayed ads on top of running apps and downloaded unwanted APKs onto the victims’ devices.
In November, researchers discovered a hidden backdoor in the AdUps firmware of over 700 Million Android smartphones, which also covertly gathered data on phone owners and sent it to a Chinese server without the user’s knowledge.
Meanwhile, a flaw in the Ragentek firmware used by certain low-cost Android devices was also discovered that allowed attackers to remotely execute malicious code with root privileges, turning over full control of the devices to hackers.

 

 

via:  thehackernews

Attacking computers without running any malware

PandaLabs has detected an attack vector using Windows Sticky Keys which allows the takeover of a computer without running any malware.

PandaLabs has recently detected an attack targeting a company in Hungary which did not use any malware as such, but scripts and other tools belonging to the operating system itself in order to bypass scanners.

The attack starts with the attackers launching a brute-force attack against a server with the Remote Desktop Protocol (RDP) enabled. Once they get the computer’s login credentials, they have complete access to it.

The first thing the attackers then do is run the sethc.exe file with the parameter 211 from a Command Prompt window (CMD). This turns on the system’s “Sticky Keys” feature.

Next, a program called “Traffic Spirit” is downloaded and run. “Traffic Spirit” is a traffic generator application which in this case is used to make extra money out of the compromised computers.

Next, a self-extracting file is launched that unpacks the following files into the %Windows%\cmdacoBin folder:

  • registery.reg
  • SCracker.bat
  • Sys.bat

The attackers then proceed to run the Windows registry editor (Regedit.exe) to add a key contained in the registery.reg file.

This key aims at ensuring that every time the Sticky Keys feature is used (sethc.exe), a file called SCracker.bat gets run. This is a batch file that implements a very simple authentication system.

Running the file displays a login prompt; the username and password are read from two variables defined in the sys.bat file.

This way, the attacker installs a backdoor on the affected machine. With it, the attacker can connect to the targeted computer without entering the Windows login credentials: at the logon screen, enable the Sticky Keys feature (for example, by pressing the SHIFT key five times) and enter the relevant username and password to open a command shell.

The command shell shortcuts will allow the attacker to access certain directories, change the console color, and make use of other typical command-line commands.

However, the attack doesn’t stop here. In their attempt to make as much profit as possible from the targeted company, the attacker installs a bitcoin miner to take advantage of every compromised computer for free money.

If an attacker can actually access a targeted computer via an RDP connection, what do they need a backdoor for? The answer to this question, according to Panda Security, is quite simple: By installing a backdoor on the affected machine, even if the victim realises that their system has been compromised and changes the Remote Desktop credentials, all the attacker has to do is  press the SHIFT key five times to enable Sticky Keys and run the backdoor to be able to access the system again.

“And remember,” says Panda Security, all of this happened without running malware on the affected computer.

 

via:  scmagazine

US telecoms regs bow to ISPs, customers no longer federally protected

The US Federal Communications Commission has bowed to the telecoms lobby in blocking a regulation which would make ISPs take ‘reasonable measures’ to protect customer data.

US authorities have indefinitely blocked data protection regulations for ISPs in the face of industry pressure.

On 1 March, The Federal Communications Commission (FCC) agreed to repeal a 2016 privacy order which demanded that ISPs take “reasonable measures to protect customer (data) from unauthorized use, disclosure and access.”

The move was in response to a stay petition signed by some of the largest internet companies in the world including AT&T, Verizon, T-Mobile and Comcast along with a host of smaller and regional providers. The 11 companies called for a halt on the order, which was due to go into effect on 2 March, saying that there were already voluntary industry principles in place and the cost of complying with the order would be harmful to not just business but customers, too.

The privacy order, made in October 2016 under the Obama presidency, apparently departs sharply from the Federal Trade Commission’s privacy framework which, according to the petitioners, “effectively balances the twin objectives” of  customers control over their own data and “beneficial uses of data that lead to innovation, new products and capabilities, customized services, and growth in the digital economy”.

The petitioners claimed that the order recommends several costly and cumbersome moves for ISPs including changes to companies’ internal business structures, customer authentication methods and information handling practices. In essence, compliance will be costly, especially for smaller providers and “wasteful and counterproductive to the public interest”.

The opposition to the petition argued that those claims of harm were theoretical or grossly exaggerated. A block on the privacy order would be against the public interest because ISPs lack market incentives to protect customer data. The industry principles and the FTC privacy framework that the petitioners so admire, the opposition added, come without an enforcement mechanism, making compliance voluntary. 

The blocking of the privacy order was welcomed by the two Republican commissioners of the FCC, with the one Democrat, Mignon Clyburn, dissenting. She told the commission that the body was failing to carry out its job of being “the cop on the beat”. Instead, this block permitted “providers to shift the costs for corporate negligence onto private citizens”. The decision, said Clyburn, meant that a voluntary code is the only federal protection for broadband data security: “If a provider simply decides not to adequately protect a customer’s information and does not notify them when a breach inevitably occurs, there will be no recompense as a matter of course.”

The FCC’s chair and Trump appointee, Ajit Pai, is a controversial figure and is often labelled not only as a partisan enemy of regulation but net neutrality too. He’s been resolute in his stated belief that the FCC should not be a regulatory hindrance but a conduit for economic growth in the dynamic tech sector.

He voted against the 2015 Open Internet Order, which was meant to serve as the baseline regulation for net neutrality. In 2016, he gave a speech to the conservative Free State Foundation railing against the recent reclassification of broadband as a Title II common-carrier service under the Communications Act of 1934. The classification imposed a number of rules on internet service providers and is the legal footing for net neutrality.

He noted in his speech that when Trump came into office, this would all change. He told the audience: “We need to fire up the weed whacker and remove those rules that are holding back investment, innovation, and job creation.”

 

via:  scmagazine

WikiLeaks’ CIA document dump shows agency can compromise Android, TVs

The website releases more than 8,700 documents it says are from a CIA cyber unit.

WikiLeaks has released more than 8,700 documents it says come from the CIA’s Center for Cyber Intelligence, with some of the leaks saying the agency had 24 “weaponized” and previously undisclosed exploits for the Android operating system as of 2016.

Some of the Android exploits were developed by the CIA, while others came from the U.S. National Security Agency, U.K. intelligence agency GCHQ, and cyber arms dealers, according to the trove of documents released Tuesday.

Some smartphone attacks developed by the CIA allow the agency to bypass the encryption in WhatsApp, Confide, and other apps by collecting audio and message traffic before encryption is applied, according to the WikiLeaks analysis.

The documents show the CIA “hoarding” undisclosed, or zero-day, exploits for a number of systems, despite promises from former President Barack Obama’s administration to share the vulnerabilities with vendors, according to WikiLeaks analysis.

The CIA declined to comment on the authenticity of the leaks. The documents, which cover the years 2013 to 2016, amount to the “largest ever publication of confidential documents on the agency” and the “entire hacking capacity of the CIA,” WikiLeaks claimed.

Some documents released describe how the spy agency used malware and hacking tools to target iPhones and smart television sets. Others detail the CIA unit’s efforts to compromise Windows, Apple’s OS X, Linux, and routers.

One attack, called Weeping Angel, targets Samsung smart TVs and was developed by the CIA and the U.K.’s MI5, according to WikiLeaks’ analysis of the documents.

The Weeping Angel attack attempts to place the target TV in a “fake-off” mode to trick the owner into believing the device is off when it is on. In fake-off mode, the TV set can be used as a bug, recording conversations in the room and sending them over the internet to a CIA server.

In late 2014, the CIA was also looking for ways to infect vehicle software systems, according to one document.

The CIA unit’s cyber weapons could create serious problems if the agency loses control of them, WikiLeaks editor Julian Assange said in a press release.

“There is an extreme proliferation risk in the development of cyber ‘weapons,’ he said. “Comparisons can be drawn between the uncontrolled proliferation of such ‘weapons’, which results from the inability to contain them combined with their high market value, and the global arms trade.”

Samsung and Google, the creator of the Android operating system, didn’t immediately respond to questions about potential CIA attacks against their products.

 

via:  csoonline