NSA wanted to hack the Android store

A newly published Snowden leak reveals that the NSA planned to hack the Android store so that it could covertly install malware on its targets' phones.

The plan, codenamed IRRITANT HORN, involved exploiting a bug in a browser from Alibaba that is used by hundreds of millions of people, which the NSA kept a secret, leaving all those users vulnerable to attacks from criminals and other spy agencies.

Update: Here's the original research on the program from the always-excellent Citizenlab at the University of Toronto.

Their goal, in tapping into UC Browser and also looking for larger app store vulnerabilities, was to collect data on suspected terrorists and other intelligence targets — and, in some cases, implant spyware on targeted smartphones.

The 2012 document shows that the surveillance agencies exploited the weaknesses in certain mobile apps in pursuit of their national security interests, but it appears they didn't alert the companies or the public to these weaknesses. That potentially put millions of users in danger of their data being accessed by other governments' agencies, hackers or criminals.

"All of this is being done in the name of providing safety and yet … Canadians or people around the world are put at risk," says the University of Ottawa's Michael Geist, one of Canada's foremost experts on internet law.

Spy agencies target mobile phones, app stores to implant spyware [Amber Hildebrandt and Dave Seglins/CBC]

(via The Intercept)

Start the discussion at bbs.boingboing.net