NSA Wanted To Hack Google App Store, Infect Android Phones - InformationWeek
5/21/2015
02:11 PM
Eric Zeman

The NSA and its Five Eyes allies researched a man-in-the-middle attack to infect Android smartphone users by hacking Google's App Store. It's the latest revelation from Edward Snowden.

The NSA hits just keep coming. New documents leaked by Edward Snowden show the National Security Agency wanted to intercept the connection between Android smartphones and the Google Play Store in order to install spyware.

Spies from the Five Eyes alliance, including Australia, Canada, New Zealand, the UK, and the US, developed a surveillance unit called the Network Tradecraft Advancement Team, according to documents published by The Intercept. The countries held workshops between November 2011 and February 2012 to explore how best to get spyware onto smartphones to improve information-gathering capabilities.

During that time they cooked up this particular scheme.

The pilot project was named "Irritant Horn." The agencies were able to discern how smartphone traffic moved across internet cables between the device itself and the servers run by Google's and Samsung's app stores. It was here the agencies planned to stage man-in-the-middle attacks in order to implant spyware onto smartphones. They figured out how to futz with the data as it passed from the Play Store to the target's smartphone while the user downloaded and installed legit apps.

(Image: samxmeg/iStockphoto)

(Image: samxmeg/iStockphoto)

Once the spyware was covertly installed on smartphones, the agencies could then use it to collect the data from the device without the owner ever being aware. Some of the data included emails, texts, Web history, call records, videos, photos, and other stored files, according to the leaked documents.

Beyond merely spying, the agencies also wanted to send "selective misinformation to the targets' handsets" in order to spread propaganda or confusion amongst adversaries.

The agencies apparently hoped to target users in select nations in Africa, such as Tunisia, Senegal, Sudan, and the Congo, where unrest was common at the time. Had the unrest unfolded on a grander scale, Irritant Horn would have been more fully put to use.

The agencies were also positioned to use the methodology in France, Switzerland, the Netherlands, Russia, Cuba, and the Bahamas.

Snowden's documents don't specifically state that the NSA or its allies planned to use Irritant Horn in the US, but it seems a real possibility. They do, however, show that the Five Eyes countries managed to find and exploit a weakness in the UC Browser, which boasts more than half a billion users across Asia. The agencies were able to use the browser's weakness to mine user data.

Earlier this year Citizen Lab, a Toronto-based human rights research group, discovered the weakness and brought it to the attention of UC Browser's developers. The company patched the weakness with a recent update to the app.

None of the countries' spy agencies offered comment on The Intercept's revelations, and neither did Google or Samsung.

Google has taken a number of hits this year on the purported lack of security in the Play Store. It bulked up app review processes in response, but has a long way to go to fully restore user confidence.

It would be nice to know that Google was able to ferret out the potential for the NSA's man-in-the-middle approach to the Play Store and resolve it.

Do you think it did? Tell us in the comments section below.

Eric is a freelance writer for InformationWeek specializing in mobile technologies.
Joe Stanganelli,
User Rank: Ninja
6/1/2015 | 11:03:49 PM
Re: If it's not illegal, it should be
I'd say it's worth it -- especially if you're a cloud provider (an industry in the US that has been losing billions of dollars because of the NSA/Snowden debacle).

And certainly possible.  You need unbeatable encryption and tools that keep even you yourself from your customers' data -- as Apple has with their encryption, and as Microsoft and Intel have been working on with projects related to Intel's SGX.
mak63,
User Rank: Ninja
5/31/2015 | 11:59:41 PM
Five Eyes
"Spies from the Five Eyes alliance, including Australia, Canada, New Zealand, the UK, and the US..."

I have some idea why the US and the UK are in the alliance, but what are the other countries doing there?

Ah yes, they all speak English
Broadway0474,
User Rank: Ninja
5/26/2015 | 10:05:10 PM
Re: If it's not illegal, it should be
Joe, let's be serious here. Is it really worth investing in cyber security to protect your organization from government attacks? Perhaps we can protect against the strikes sent out by Chinese or Russian military authorities. But if the NSA wants to hack into something, are corporate tech teams going to be able to keep them out?
Joe Stanganelli,
User Rank: Ninja
5/24/2015 | 9:57:14 PM
Re: If it's not illegal, it should be
One of the reasons we need to invest in better information security overall -- to thwart all manner of attackers, government or not.
Joe Stanganelli,
User Rank: Ninja
5/24/2015 | 9:53:31 PM
Google App Store infection
Pretty sophisticated.  Of course, there are far easier ways to infect Android users via the Google Play store...as long as you don't care *which* user you infect.
Broadway0474,
User Rank: Ninja
5/23/2015 | 10:19:46 AM
Re: why does this matter?
@yalanand, the problem is that privacy is not really a right protected under the Bill of Rights, at least not explicitly. Just like in the United States, you do not have a right to a decent living wage or standard of living. We still have a frontier mentality --- let the fittest survive --- or at least some Americans have that mentality still.
Angelfuego,
User Rank: Ninja
5/22/2015 | 3:13:49 PM
Re: why does this matter?
It is a fine line between privacy and protection. It is just another reminder about not putting anything out there that you wouldn't want exposed. We can never be naive and think that our internet use is one hundred percent secure and safe.
jries921,
User Rank: Ninja
5/22/2015 | 2:52:08 PM
Re: If it's not illegal, it should be
There are a lot of private institutions I trust even less, especially the ones that are hard to avoid.  But my intent was not to turn the discussion into a shoutfest on the merits of government or lack thereof.
yalanand,
User Rank: Ninja
5/22/2015 | 2:11:10 PM
Re: why does this matter?
@broadway: I completely agree with you. I think the Constitution of USA should allow provisions for Right to transparency towards spying, if at all that exists. If someone is listening then you can be in trouble for things you probably didn't mean on doing. If this system was created to prevent terrorism then it is not working at all. Moreover look at how long they took to find Osama bin Laden. If this isn't failure then I don't know what is.
yalanand,
User Rank: Ninja
5/22/2015 | 2:05:46 PM
Re: why does this matter?
@pjs: Well NSA can get your identity information, and other things like credit card number, passwords of various banking websites and use them against you. Although it shows that it is built to protect citizens, it rightfully isn't so. If anybody wanted to do malice, NSA would be a great place to start.