The National Security Agency has been at it again. New documents leaked by Edward Snowden reveal that the NSA and its allies planned to infect smartphones with spyware via the Google Play and Samsung App stores.
The 2012 document outlines the plans of a joint surveillance project among the so-called "Five Eyes" alliance of intelligence agencies from the U.S., Canada, U.K., New Zealand and Australia, to eavesdrop on smartphones around the globe.
The document was published today by CBC News in collaboration with The Intercept. Snowden's leak provides details of workshops held by a unit called the Network Tradecraft Advancement Team, which was made up of spies from each of the "Five Eyes" alliance members, to find new ways to exploit smartphone communications. The agencies involved were the NSA (U.S.), Government Communications Headquarters or GCHQ (U.K.), Communications Security Establishment (Canada), Defence Signals Directorate (Australia) and Government Communications Security Bureau (New Zealand).
With project Irritant Horn, the agencies planned to hijack users' access to the app stores and implant malware on the smartphones, allowing the spies to monitor and collect data without the users noticing.
The plan used a "man in the middle attack" that allowed the agencies to modify the packets passing between the Samsung and Google servers and the targeted smartphones. In other words, when the user downloads an app, extra spyware is bundled with the app software without the user's knowledge. The spy unit also planned to exploit the weakness to send "selective misinformation to the targets' handsets."
The project was particularly interested in target groups in Africa out of concern about "another Arab Spring" and targeted a Google Play server (then called Android Market) in France used to deliver updates across the region. The NSA and its allies were largely surprised by the uprisings across North Africa that began in Tunisia in 2010, and aimed to use this project to avoid being blindsided again. There was particular interest in phones in Senegal, Sudan and the Congo.
The secret workshops also described separate plans to exploit privacy vulnerabilities in the UC Browser app, which is widely used in China and India. The app is one of the most popular mobile web browsers in Asia, with a reported half-billion users. Security gaps in the app allowed the agencies to gain access to a treasure trove of information on its users' phones. Snowden's document claims this information allowed the agencies to access a communication channel linked to a foreign military unit believed to be plotting "covert activities" in Western countries. UC Browser's parent company, the Alibaba Group, says it has now fixed the security flaw after being informed of the problem by the human rights and technology group Citizen Lab in April.
It's not clear from the documents whether the phone hacking plans were ever carried out, but it's highly probable, especially given that another document published by Snowden in February revealed that U.S. and British spies were hacking phones through the world's largest SIM manufacturer.
These same flaws could, of course, be taken advantage of by cybercriminals and hackers. Instead of protecting their citizens from these risks by informing Google, Samsung and Alibaba of the weaknesses, the five intelligence agencies chose to exploit the weaknesses for their own ends. Google, Samsung and all five intelligence agencies were unwilling to directly comment on the contents of the leaked document.
As politicians debate what legal surveillance capabilities the NSA should have through bills like The Patriot Act, it's sobering to think of the illegal spying capabilities these agencies also possess.