Snowden latest: NSA planned sneak attacks on Android app stores

Agencies also hid major flaws in UC Browser

10 Reg comments Got Tips?

The latest package of documents from whistleblower Edward Snowden details how the intelligence services planned to host man-in-the-middle attacks to install tracking and control software onto Android smartphones.

According to a presentation released from the Snowden archive to The Intercept the so-called "5 Eyes" nation's intelligence agencies – from the US, UK, Canada, Australia, and New Zealand – spent 2011 and 2012 working out ways to subvert connections to popular app stores, such as those run by Google and Samsung, in a project dubbed IRRITANT HORN.

That the intelligence services are working on software that can subvert iOS, Android and other smartphone operating systems isn't new. But the presentation details how operatives could intercept communications between app servers and customers to install code that could harvest personal information and even display disinformation on handsets.

The spur for this effort was the Arab Spring uprisings in the Middle East and Africa. The intelligence agencies reasoned that in such a situation then it needed to be able to put out software that could influence actions on the ground.

To do so the intelligence team targeted app servers in Africa, France and other companies' app download servers in Cuba, Morocco, Switzerland, Bahamas, the Netherlands and Russia. It appears code wasn't inserted on the servers themselves.

To aid this program the document details how the intelligence services hacking team found numerous security holes in the UC browser, which has half a billion users, predominantly in Asia and the Indian subcontinent.

These security flaws were actively used by the intelligence agencies to harvest personal information and install software for testing and tracking purposes, and the developer of the code, UCWeb, was never informed.

Canadian non-profit Citizen Lab has now compiled a full report into vulnerabilities and they have now been fixed. Citizen Lab Director Ron Deibert said that while the intelligence community's actions "may make sense from a very narrow national security mindset but it's at the expense of the privacy and security of hundreds of millions of users worldwide." ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Keep Reading

New Google rules mandate Android 'Poundland' Edition, Go, for sub-2GB RAM phones once Android 11 is out

Chocolate Factory actively pushing lightweight OS on less powerful devices

Android 11 will let users stop device-makers from killing background apps, says Google

Users will be able to 'override ... restrictions' on phones and other kit, says engineering team

Google promises another low-end Android effort as it buys into Indian mega-carrier Jio Platforms

$4.5bn splash turns out to be first installment in $10bn ‘Digitisation fund’ and development template for new products

Commit to Android codebase suggests Google may strong-arm phone makers into using 'seamless' partitioned updates

Such a move could standardise deployment of new versions, rather than it being at the whim of OEMs

FBI, NSA to hackers: Let us be blunt. Weed need your help. We'll hire you even if you've smoked a little pot in the past

Black Hat Now that's what we call a joint task force: Uncle Sam chills out, relaxes recruitment rules on drugs

My eyes thank you, Google: Android to get dark mode scheduling in future update

The feature was originally ditched over quality control issues

FYI: FBI raiding NSA's global wiretap database to probe US peeps is probably illegal, unconstitutional, court says

Analysis A data silo we didn't know existed until a certain IT admin went rogue

A lot has changed since Android 11 was but a twinkle in Google's eye – so mobile OS has been delayed a month

'Extra time for you to test,' you lucky, lucky developers

Biting the hand that feeds IT © 1998–2020