The NSA’s plan to ‘hijack’ Android app stores

The NSA hatched a plan that would allow the agency to infect smartphones with malware by hijacking the Google Play and Samsung and the Samsung App Store, according to documents obtained by Edward Snowden.

The documents, dated 2011 and 2012 and published by The Intercept Thursday, outline a plan codenamed “irritant horn”. The plan’s goal: find ways to exploit the connection between smartphones and app stores to allow the NSA — along with its counterparts in Canada, the U.K, New Zealand and Australia — to inject data-collecting malware into users’ phones.

It’s not clear whether the plan was ever carried out; the documents are apparently from internal workshops. But they highlight the security agencies’ interest in finding new ways to hack into individual smartphones.

imageedit_2_3992627251

imageedit_1_8315328538

The documents also suggest that the agencies uncovered security vulnerabilities within UC Browser, an Android browser extremely popular in Asia.

UC Browser apparently makes large amounts of user data accessible, which the documents describe as creating “opportunity where potentially none may have existed before.”

Citizen Lab, a research group out of the University of Toronto, analyzed UC Browser. In its report published Thursday, the lab said it found “a series of major security and privacy issues in the English language and Chinese language editions of the Android version of UC Browser … both versions of the application leak a significant amount of personal and personally-identifiable data.”

The report continued: “Any network operator or in-path actor on the network can acquire a user’s personally identifiable information (including cellular subscriber information, mobile device identifiers, geolocation data, and search queries).”

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s