How Security Agencies Hijacked App Stores to Covertly Install Spyware on Smartphones

Rafia Shaikh
Posted May 22, 2015

So we already know about the NSA’s eagerness to know everything happening in the world through blind mass surveillance. There have also been several instances, especially since the Edward Snowden leaks, where we learned exactly who was targeted and which programs were used to spy on entire governments, and on some lucky German ministers.

Another Snowden-leaked document reveals that the NSA and its allies were interested in getting into a large number of smartphones through their connections to Google’s app store and triggering the mass installation of spyware apps remotely, without the user ever knowing about it.

While it may sound unrealistic to some, it isn’t. The top-secret document reveals how the NSA and its so-called Five Eyes allies (the USA, Canada, UK, New Zealand and Australia) worked on a program to hijack smartphone connections to Samsung’s and Google’s app stores through man-in-the-middle attacks.

How it worked…

The operation was run by a unit dubbed the Network Tradecraft Advancement Team, with agents from all five countries. The pilot project of this electronic eavesdropping unit and the NSA was codenamed IRRITANT HORN. The unit targeted the Google and Samsung store servers that phones are directed to for app downloads and updates. Treating these servers as critical points that could be exploited, the group worked on a method using the XKEYSCORE spying system (a tool that identifies targets by matching a smartphone to its owner’s online activity) to pick out phone traffic bound for them. The ultimate aim was to be able to deliver malicious implants to the targeted devices.

Under the IRRITANT HORN project, the team intended to target Google’s app store servers, sit between smartphone users and those servers (in typical MitM fashion) and, once it had identified its targets, gain access to and the ability to modify any communication between the two.

NSA covertly installing spyware on targeted mobile phones:

By modifying the content of packets exchanged between smartphones and app store servers, the spy agencies could insert spyware onto a smartphone and essentially take control of the device. The user would have no idea that someone was able to covertly extract data from her phone. Rewriting packets in transit like this is only possible where the link between phone and store is not encrypted and authenticated end to end, or where the attacker can defeat that protection.
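The download path described above, as an added example that is not part of the original article or of any leaked material: a simulated store server, an attacker sitting in the path, and a client tried in three modes. The RSA signing is a textbook toy with no padding and a non-cryptographic RNG, used only to show the trust decision (a real store uses a vetted scheme), and the server, path, package and implant names are assumptions. A client that installs whatever arrives, or that checks a signature against a key delivered in the same response, accepts the swapped package; only a client that verifies against a key it already held rejects it.

```python
"""Simulated app-store download with an in-path attacker.

Added example, not code from the original article or any leaked document.
The RSA here is a textbook toy (no padding, non-crypto RNG) used only to
show the trust decision; server, path and package names are assumed.
"""
import hashlib
import random

def _probable_prime(n, rounds=20):
    """Miller-Rabin test; fine for a demo key, not for real key generation."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(cand):
            return cand

def keygen(bits=512):
    """Return (public, private) as (n, e), (n, d); bits >= 512 so SHA-256 fits below n."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))

def sign(priv, data):
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

class StoreServer:
    """The honest path: serves the package, its signature and the store's key."""
    def __init__(self, pub, priv):
        self.pub, self.priv, self.packages = pub, priv, {}

    def publish(self, name, apk):
        self.packages[name] = apk

    def fetch(self, name):
        apk = self.packages[name]
        return apk, sign(self.priv, apk), self.pub

class MitmPath:
    """The attacked path: the reply is rewritten in transit. The package is swapped
    for an implant, re-signed by the attacker, whose public key replaces the store's."""
    def __init__(self, server, implant, attacker_pub, attacker_priv):
        self.server, self.implant = server, implant
        self.pub, self.priv = attacker_pub, attacker_priv

    def fetch(self, name):
        self.server.fetch(name)  # the real download still occurs upstream
        return self.implant, sign(self.priv, self.implant), self.pub

def client_accepts(path, name, mode, pinned_pub=None):
    """Would the phone install what arrived over `path`?
    'none'   install whatever bytes arrive;
    'inband' verify with the public key delivered alongside the package;
    'pinned' verify with a key the client already held before downloading."""
    apk, sig, delivered_pub = path.fetch(name)
    if mode == "none":
        return True
    if mode == "inband":
        return verify(delivered_pub, apk, sig)
    if mode == "pinned":
        return verify(pinned_pub, apk, sig)
    raise ValueError(mode)

def demo():
    """Return {mode: (accepted over honest path, accepted over MitM path)}."""
    store_pub, store_priv = keygen()
    attacker_pub, attacker_priv = keygen()
    server = StoreServer(store_pub, store_priv)
    server.publish("weather", b"GENUINE_WEATHER_APK_v3")  # constructed sample
    implant = b"IMPLANT_POSING_AS_WEATHER_APK"             # constructed sample
    mitm = MitmPath(server, implant, attacker_pub, attacker_priv)
    return {mode: (client_accepts(server, "weather", mode, store_pub),
                   client_accepts(mitm, "weather", mode, store_pub))
            for mode in ("none", "inband", "pinned")}
```

Calling `demo()` gives `{'none': (True, True), 'inband': (True, True), 'pinned': (True, False)}`: the first two client modes are indistinguishable from an in-path attacker's point of view, because the attacker controls everything in the reply, including the key the client would verify against. The pinned mode is the one that defeats the attack, and it does so regardless of whether the transport itself was protected.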

The story doesn’t end there, though. In plans discussed in 2011 and 2012 (and possibly in operation by now), the five agencies also investigated the possibility of hijacking connections to send “misinformation to targets’ handsets.”

In the process, the Five Eyes team also uncovered security gaps in the UC Browser app, owned by Alibaba Group. The browser is used predominantly in China and India by about half a billion users. The app leaked SIM card numbers, phone numbers, device IDs and other data about its users to servers in China. The agencies, however, never prompted Alibaba Group or any other authority to fix these holes, putting millions of users’ security at risk.

The Canada-based research group Citizen Lab later alerted the Chinese e-commerce giant, which has reportedly since patched the browser app.
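The kind of check that finds a leak like the UC Browser one, as an added example (not the article’s or Citizen Lab’s own code): parse a cleartext HTTP request and flag any parameter whose name or value shape marks it as a device or subscriber identifier. The two requests, the host name and the parameter names are constructed for the example and are not the app’s real endpoints; the IMEI value is the standard published sample IMEI.

```python
"""Spot device and subscriber identifiers sent in cleartext HTTP requests.

Added example, not code from the original article or from Citizen Lab.
A leak like the one described above is found by looking at what the app
puts on the wire; this does that for captured request text. The sample
requests, host name and parameter names below are constructed, not real.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names that commonly carry a hardware or subscriber identifier.
NAME_HINTS = {
    "imei": "imei", "imsi": "imsi", "sim": "imsi", "iccid": "iccid",
    "android_id": "android_id", "androidid": "android_id",
    "phone": "phone", "ph": "phone", "msisdn": "phone", "mobile": "phone",
}

def luhn_ok(digits: str) -> bool:
    """IMEIs end in a Luhn check digit; IMSIs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify_value(value: str):
    """Guess what kind of identifier a value looks like, or None."""
    if re.fullmatch(r"\d{15}", value):
        # Caveat: about one IMSI in ten happens to pass Luhn as well.
        return "imei" if luhn_ok(value) else "imsi"
    if re.fullmatch(r"[0-9a-fA-F]{16}", value):
        return "android_id"
    if re.fullmatch(r"\+?\d{10,15}", value):
        return "phone"
    return None

def parse_request(raw: str):
    """Split a cleartext HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line, *header_lines = head.split("\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def find_identifier_leaks(raw: str):
    """Return [(param, kind, where)] for each parameter that looks like an identifier.
    A name hint wins; otherwise the value's shape decides, so unnamed leaks are caught."""
    _method, target, headers, body = parse_request(raw)
    params = [(k, v, "query") for k, v in parse_qsl(urlsplit(target).query)]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params += [(k, v, "body") for k, v in parse_qsl(body.strip())]
    findings = []
    for name, value, where in params:
        kind = NAME_HINTS.get(name.lower()) or classify_value(value)
        if kind:
            findings.append((name, kind, where))
    return findings

# Constructed sample requests (not real captures; host and params are assumed).
SAMPLE_GET = (
    "GET /cfg?imei=490154203237518&imsi=310260123456789"
    "&android_id=9774d56d682e549c&ph=%2B919812345678&ver=9.7 HTTP/1.1\r\n"
    "Host: stats.example.invalid\r\n"
    "User-Agent: ExampleBrowser/1.0 (Android)\r\n"
    "\r\n"
)
SAMPLE_POST = (
    "POST /report HTTP/1.1\r\n"
    "Host: stats.example.invalid\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 44\r\n"
    "\r\n"
    "sn=490154203237518&lang=en&tz=Asia%2FKolkata"
)
```

`find_identifier_leaks(SAMPLE_GET)` flags the four identifier parameters and ignores `ver`; `find_identifier_leaks(SAMPLE_POST)` flags `sn` as IMEI-shaped purely from its value, which is the case a name-only blocklist misses. The point of running this against cleartext traffic is that anything it flags is readable by every hop on the path, which is exactly the position the agencies described above had put themselves in.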

While the NSA and its allies have justified, and will keep justifying, this extreme level of access to users’ devices and data in the name of national security, privacy activists consider it a serious concern. After all, once these holes are created, the secretive agencies won’t be the only ones able to get into our lives without a knock…

– Source and extensive details can be found at CBC.
