NSA Wanted To Hack Google App Store, Infect Android Phones - InformationWeek

5/21/2015
02:11 PM
Eric Zeman

NSA Wanted To Hack Google App Store, Infect Android Phones

The NSA and its Five Eyes allies researched a man-in-the-middle attack to infect Android smartphone users by hacking Google's App Store. It's the latest revelation from Edward Snowden.

The NSA hits just keep coming. New documents leaked by Edward Snowden show the National Security Agency wanted to intercept the connection between Android smartphones and the Google Play Store in order to install spyware.

Spies from the Five Eyes alliance, including Australia, Canada, New Zealand, the UK, and the US, developed a surveillance unit called the Network Tradecraft Advancement Team, according to documents published by The Intercept. The countries held workshops between November 2011 and February 2012 to explore how best to get spyware onto smartphones to improve information-gathering capabilities.

During that time they cooked up this particular scheme.

The pilot project was named "Irritant Horn." The agencies were able to discern how smartphone traffic moved across internet cables between the device itself and the servers run by Google's and Samsung's app stores. It was here the agencies planned to stage man-in-the-middle attacks in order to implant spyware onto smartphones. They figured out how to futz with the data as it passed from the Play Store to the target's smartphone while the user downloaded and installed legit apps.

Once the spyware was covertly installed on smartphones, the agencies could then use it to collect the data from the device without the owner ever being aware. Some of the data included emails, texts, Web history, call records, videos, photos, and other stored files, according to the leaked documents.

Beyond merely spying, the agencies also wanted to send "selective misinformation to the targets' handsets" in order to spread propaganda or confusion amongst adversaries.

The agencies apparently hoped to target users in select nations in Africa, such as Tunisia, Senegal, Sudan, and the Congo, where unrest was common at the time. Had the unrest unfolded on a grander scale, Irritant Horn would have been more fully put to use.

The agencies were also positioned to use the methodology in France, Switzerland, the Netherlands, Russia, Cuba, and the Bahamas.

Snowden's documents don't specifically state that the NSA or its allies planned to use Irritant Horn in the US, but it seems a real possibility. They do, however, show that the Five Eyes countries managed to find and exploit a weakness in the UC Browser, which boasts more than half a billion users across Asia. The agencies were able to use the browser's weakness to mine user data.

Earlier this year Citizen Lab, a Toronto-based human rights research group, discovered the weakness and brought it to the attention of UC Browser's developers. The company patched the weakness with a recent update to the app.

None of the countries' spy agencies offered comment on The Intercept's revelations, and neither did Google or Samsung.

Google has taken a number of hits this year on the purported lack of security in the Play Store. It bulked up app review processes in response, but has a long way to go to fully restore user confidence.

It would be nice to know that Google was able to ferret out the potential for the NSA's man-in-the-middle approach to the Play Store and resolve it.

Do you think it did? Tell us in the comments section below.

Eric is a freelance writer for InformationWeek specializing in mobile technologies.
Comments
Joe Stanganelli
User Rank: Author
6/1/2015 | 11:03:49 PM
Re: If it's not illegal, it should be
I'd say it's worth it -- especially if you're a cloud provider (an industry in the US that has been losing billions of dollars because of the NSA/Snowden debacle).

And certainly possible.  You need unbeatable encryption and tools that keep even you yourself from your customers' data -- as Apple has with their encryption, and as Microsoft and Intel have been working on with projects related to Intel's SGX.
Joe Stanganelli
User Rank: Author
5/24/2015 | 9:57:14 PM
Re: If it's not illegal, it should be
One of the reasons we need to invest in better information security overall -- to thwart all manner of attackers, government or not.
Joe Stanganelli
User Rank: Author
5/24/2015 | 9:53:31 PM
Google App Store infection
Pretty sophisticated.  Of course, there are far easier ways to infect Android users via the Google Play store...as long as you don't care *which* user you infect.
Thomas Claburn
User Rank: Author
5/21/2015 | 6:02:41 PM
Re: why does this matter?
>why does anyone care?

Because it's against the law and the law applies to those who govern as well as the governed.