Clearly that Russian software pretending to be made in America was incorporated into more than 8000 applications and was also used by the US military
It turned out that the code contained in thousands of smartphone apps distributed on the App Store and Google Play was developed by the Russian technology company `` Pushwoosh '' disguised as an American company. Some of the apps were used by the US Centers for Disease Control and Prevention and US military personnel.
Exclusive: Russian software disguised as American finds its way into US Army, CDC apps | Reuters
Pushwoosh is a company that develops a push notification SDK. App developers can use this SDK to send notifications to users, track users, and profile them. There are about 8,000 applications that incorporate Pushwoosh's SDK, and 2.3 billion devices have been used so far.
Pushwoosh was registered as an American company with US regulators, but a Reuters investigation revealed that it was actually headquartered in Novosibirsk, a city in Siberia.
When Reuters visited the address in the United States registered as Pushwoosh's office, Pushwoosh's office building had no shadow or shape, and it seems that there was a Russian house claiming to be a friend of Pushwoosh's founder. The Russian said, 'The founder just lent the address to receive mail.' Pushwoosh founder Max Konev admitted to Reuters that he 'started using it to receive business-related documents.'
In addition, evidence that Pushwoosh executives used LinkedIn to conduct sales was also confirmed, but it seems that the profile used was revealed to be fake.
Pushwoosh said, ``We have not collected any classified information and there is no evidence that the data has been mishandled.The data is stored in the United States and Germany.We have no relationship with the Russian government and are of Russian descent. I never tried to hide it,' he said. However, Saber Security experts point out that ``even if data is stored overseas, it cannot prevent Russian intelligence agencies from forcibly seeking access to the data,'' and questioned the security of the data. presented.
Following this report, the US Centers for Disease Control and Prevention removed the Pushwoosh SDK from seven applications, citing security concerns. Similar concerns have led the US Army to remove apps containing the Pushwoosh SDK.
According to Reuters, the concealment of information by Pushwoosh may violate the law, and it is expected that the Federal Trade Commission and various regulatory authorities will crack down in the future.
In addition, the non-profit company 'Internet Safety Labs', which evaluates the safety of software, lists and publishes applications that use Pushwoosh's SDK, among which is a Japanese game application and '- real Titles such as Dark Gold Game-Collect 100 million yen from your sister!” and Tokushima Prefecture’s official tourism app “
Reuters Breaks Story on Dangerous SDK PushWoosh Found by ISL - Internet Safety Labs
https://internetsafetylabs.org/blog/news-press/reuters-breaks-story-on-dangerous-sdk-pushwoosh-found-by-isl/
Related Posts:
