Russian software infiltrated US Army and CDC apps

Spread the love

The Pushwoosh app presented itself as American to get customers, hiding its true origin

Russian software infiltrated US military and CDC apps

US soldiers use their cell phones at a Georgia military base (Reuters)

Thousands of mobile apps in Apple and Google's online stores contain computer codedeveloped by a technology company, Pushwoosh, which claims to be based in the United States, but is actually Russian, according to an investigation by the Reuters agency.

The Centers for Disease Control and Prevention (CDC), the United States' lead agency for combating major health threats, said it had been misled into believing Pushwoosh had its headquarters in the US capital. After learning about his Russian roots through Reuters, removed Pushwoosh software from seven publicly available apps, citing security concerns.

The US military said it removed an app containing Pushwoosh code in March by the same reasons. That app was used by soldiers at one of the country's major combat training bases.

According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh has his headquarters in the Siberian city of Novosibirsk, where it is registered as a software company that is also engaged in data processing. It employs about 40 people and reported revenue of 143,270,000 rubles ($2.4 million) last year. Pushwoosh is registered with the Russian government to pay taxes in Russia.

However, on social media and in US regulatory documents, it presents itself as a US company , at various times based in California, Maryland and Washington, D.C., Reuters discovered.

Russian software infiltrated ; in US military and CDC applications

Centers for Disease Control and Prevention (CDC) headquarters in Atlanta, Georgia (Reuters)

Pushwoosh provides code and data processing support for software developers, enabling them to profile the internet activity of smartphone app users and send tailored push or push notifications from push servers. Pushwoosh.

On its website, Pushwoosh states that it does not collect sensitive information, and Reuters has found no evidence that Pushwoosh mishandled user data. However, Russian authorities have forced local companies to hand over user data to national security agencies.

Pushwoosh founder Max Konev told Reuters in a September email that the company had not tried to hide its Russian origin. “I am proud to be Russian and would never hide it.”

He stated that the company “does not have any relationship with the Russian government” and that it stores its data in the United States and Germany.

However, cybersecurity experts said that storing the data abroad would not stop Russian intelligence agencies from forcing a Russian company to cede access to that data.

Russia, whose ties with the West have soured since its takeover Crimean peninsula in 2014 and its invasion of Ukraine this year, is a world leader in hacking and cyber espionage, spying on foreign governments and industries to seek competitive advantages, according to Western authorities.

After Reuters raised Pushwoosh's Russian links to the CDC, the health agency removed the code from its apps because “the company presents a potential security issue,” the agency said. spokesperson Kristen Nordlund.

(With infor information from Reuters/By James Pearson and Marisa Taylor)

Continue reading: