The NSA hatched a plan that would allow the agency to infect smartphones with malware by hijacking the Google Play and Samsung and the Samsung App Store, according to documents obtained by Edward Snowden.
The documents, dated 2011 and 2012 and published by The Intercept Thursday, outline a plan codenamed “irritant horn”. The plan’s goal: find ways to exploit the connection between smartphones and app stores to allow the NSA — along with its counterparts in Canada, the U.K, New Zealand and Australia — to inject data-collecting malware into users’ phones.
It’s not clear whether the plan was ever carried out; the documents are apparently from internal workshops. But they highlight the security agencies’ interest in finding new ways to hack into individual smartphones.
UC Browser apparently makes large amounts of user data accessible, which the documents describe as creating “opportunity where potentially none may have existed before.”
Citizen Lab, a research group out of the University of Toronto, analyzed UC Browser. In its report published Thursday, the lab said it found “a series of major security and privacy issues in the English language and Chinese language editions of the Android version of UC Browser … both versions of the application leak a significant amount of personal and personally-identifiable data.”
The report continued: “Any network operator or in-path actor on the network can acquire a user’s personally identifiable information (including cellular subscriber information, mobile device identifiers, geolocation data, and search queries).”