
NSA Wanted To Hack Google App Store, Infect Android Phones

The NSA and its Five Eyes allies researched a man-in-the-middle attack to infect Android smartphone users by hacking Google's App Store. It's the latest revelation from Edward Snowden.

The NSA hits just keep coming. New documents leaked by Edward Snowden show the National Security Agency wanted to intercept the connection between Android smartphones and the Google Play Store in order to install spyware.

Spies from the Five Eyes alliance, including Australia, Canada, New Zealand, the UK, and the US, developed a surveillance unit called the Network Tradecraft Advancement Team, according to documents published by The Intercept. The countries held workshops between November 2011 and February 2012 to explore how best to get spyware onto smartphones to improve information-gathering capabilities.

During that time they cooked up this particular scheme.

The pilot project was named "Irritant Horn." The agencies were able to discern how smartphone traffic moved across internet cables between the device itself and the servers run by Google's and Samsung's app stores. It was here the agencies planned to stage man-in-the-middle attacks in order to implant spyware onto smartphones. They figured out how to futz with the data as it passed from the Play Store to the target's smartphone while the user downloaded and installed legit apps.

Once the spyware was covertly installed on smartphones, the agencies could then use it to collect the data from the device without the owner ever being aware. Some of the data included emails, texts, Web history, call records, videos, photos, and other stored files, according to the leaked documents.

Beyond merely spying, the agencies also wanted to send "selective misinformation to the targets' handsets" in order to spread propaganda or confusion amongst adversaries.

The agencies apparently hoped to target users in select nations in Africa, such as Tunisia, Senegal, Sudan, and the Congo, where unrest was common at the time. Had the unrest unfolded on a grander scale, Irritant Horn would have been more fully put to use.

The agencies were also positioned to use the methodology in France, Switzerland, the Netherlands, Russia, Cuba, and the Bahamas.

Snowden's documents don't specifically state that the NSA or its allies planned to use Irritant Horn in the US, but it seems a real possibility. They do, however, show that the Five Eyes countries managed to find and exploit a weakness in the UC Browser, which boasts more than half a billion users across Asia. The agencies were able to use the browser's weakness to mine user data.

Earlier this year Citizen Lab, a Toronto-based human rights research group, discovered the weakness and brought it to the attention of UC Browser's developers. The company patched the weakness with a recent update to the app.

None of the countries' spy agencies offered comment on The Intercept's revelations, and neither did Google or Samsung.

Google has taken a number of hits this year on the purported lack of security in the Play Store. It bulked up app review processes in response, but has a long way to go to fully restore user confidence.

It would be nice to know that Google was able to ferret out the potential for the NSA's man-in-the-middle approach to the Play Store and resolve it.

Do you think it did? Tell us in the comments section below.