Report: NSA planned to hijack Google and Samsung app stores to spy on phones

Nation Security Agency (NSA) of the US and its partners (Five Eyes) planned to attack Samsung Electronics Co. alongside Google Play app stores as a part of a venture to spy on the smartphones a couple of years.

A newly published Adward Snowden leak discloses that the NSA intended to attack the Google Play and Samsung Android store so they could easily install a malware on their targets’ smartphones.

Infiltrators from the NSA and its cooperates (know as Fiver Eyes collectively) being Canada, Australia, UK, US and the New Zealand, created a surveillance group named the “Network Tradecraft Advancement Team”, as per documents released by The Intercept. Workshops were held in the middle of Nov 2011 and Feb 2012 to discover the best way to get spyware implanted onto mobiles to increase data-gathering capacities.

Another main consequence of the private workshops was the organizations’ detection of private vulnerabilities in UC Browser, a well-known application utilized by large number of users all through Asia as a browser, specifically in India and China. Although UC Browser is not much popular in European nations, its huge Asian consumer base of almost half billion folks, consider it one of the most popular smartphone browsers on the globe.

As per The Intercept statement, “The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google. As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.”

The document which was released by Snowden don’t particularly say that the NSA or its partners ventured to utilize Irritant Horn in America, however it looks a real and practical option. NSA do, but, indicate that allies’ nations succeeded to discover and exploit a vulnerability in the US Browser.

Google has occupied numerous hits in 2015 on the supposed lack of privacy in the Google Store. It increased application review procedures in reply, however has a lengthy method to go to completely restore consumer confidence.

The University of Toronto group Citizenlab completed its research on the initiative, below:

Their goal, in tapping into UC Browser and also looking for larger app store vulnerabilities, was to collect data on suspected terrorists and other intelligence targets — and, in some cases, implant spyware on targeted smartphones.

The 2012 document shows that the surveillance agencies exploited the weaknesses in certain mobile apps in pursuit of their national security interests, but it appears they didn’t alert the companies or the public to these weaknesses. That potentially put millions of users in danger of their data being accessed by other governments’ agencies, hackers or criminals.

“All of this is being done in the name of providing safety and yet … Canadians or people around the world are put at risk,” says the University of Ottawa’s Michael Geist, one of Canada’s foremost experts on internet law.

It would be good to see that The Giant was capable to hunt out the prospective for the National Security Agency’s man-in-the-middle method to the Google Play Store and also to resolve it.

Guys do you really believe it did? Express your thoughts in the comments box given below.

Ali Raza Ali is a freelance journalist, having 5 years of experience in web journalism and marketing. He contributes to various online publications. With a Master degree, now he combines his passions for writing about internet security and technology for SecurityGladiators. When he is not working, he loves traveling and playing games.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.