NSA wanted to hack the Android store

A newly published Snowden leak reveals that the NSA planned to hack the Android store so that it could covertly install malware on its targets' phones.

The plan, codenamed IRRITANT HORN, involved exploiting a bug in a browser from Alibaba that is used by hundreds of millions of people, which the NSA kept a secret, leaving all those users vulnerable to attacks from criminals and other spy agencies.

Update: Here's the original research on the program from the always-excellent Citizenlab at the University of Toronto.

Their goal, in tapping into UC Browser and also looking for larger app store vulnerabilities, was to collect data on suspected terrorists and other intelligence targets — and, in some cases, implant spyware on targeted smartphones.

The 2012 document shows that the surveillance agencies exploited the weaknesses in certain mobile apps in pursuit of their national security interests, but it appears they didn't alert the companies or the public to these weaknesses. That potentially put millions of users in danger of their data being accessed by other governments' agencies, hackers or criminals.

"All of this is being done in the name of providing safety and yet … Canadians or people around the world are put at risk," says the University of Ottawa's Michael Geist, one of Canada's foremost experts on internet law.

Spy agencies target mobile phones, app stores to implant spyware [Amber Hildebrandt and Dave Seglins/CBC]

(via The Intercept)

Notable Replies

  1. "the Android store?" Which Android store?

    Google Play? The Amazon App Store? One of the many OEM-run offerings?

    Yeah, I read TFA so I know what they're actually talking about. My point is that there isn't one monolithic app store for Android.

  2. Planned back in 2012? So we can assume this is currently in place?

  3. A newly published Snowden leak

    Um... Just how many of these are sitting around, and shouldn't they be published before it's Too Late?

  4. enso says:

    Nope. None of them even left Hong Kong with him (as Greenwald and he have explained).

    I really do suggest you read the history of this and Greenwald's book.

    Snowden very specifically did not want to just dump documents on the world. He thought that it wouldn't be useful (too much data), could compromise things that shouldn't actually be compromised, and might even get some folks named in them (or using things in them) killed. He specifically gave the documents to journalists to avoid this and to take himself out of the equation. He doesn't tell Greenwald and others what to publish. Those folks decide on their own in their role as journalists. They decide what the public needs to know. Snowden's role in this is done with the handover beyond him giving some commentary.

    You may not like this but this is how it is and nothing is going to change it unless Greenwald or Poitras just put the docs up on bittorrent, which they aren't going to do.

  5. Remember when Wikileaks got the big mass of docs (I think from Manning, but I could be wrong) and released them all in one go? Remember any story that came out from that?

    The problem is that too much information at once lessens the impact, whereas drip feeding, whilst frustrating, lets each separate bit of information actually hit home.

Continue the discussion bbs.boingboing.net

18 more replies