New top-secret documents leaked by the whistleblower Edward Snowden revealed that the NSA and its allies of the Five Eyes group (United States, United Kingdom, Canada, New Zealand and Australia) planned to hijack Google and Samsung app stores in order to serve spyware on Android devices.
The surveillance operation was organized by members of the Network Tradecraft Advancement Team, composed by experts and cyber spies from the Five Eyes intelligence alliance.
The new collection of documents was leaked online by The Intercept in collaboration with journalists at CBC News, the files revealed a joint effort of the intelligence agencies to exploit vulnerabilities in the mobile browsers for the purpose of surveillance .
“Canada and its spying partners exploited weaknesses in one of the world’s most popular mobile browsers and planned to hack into smartphones via links to Google and Samsung app stores, a top secret document obtained by CBC News shows.” states the post published by CBC News.
The goal of the IRRITANT HORN was to compromise servers behind the official Google and Samsung app stores in order to distribute surveillance malware on the victim’s smartphone.
The idea behind the Irritant Horn project is very simple, cyber spies wanted to serve spyware on mobile devices running man-in-the-middle attacks to inject malicious data transmitting between the App store servers and the end-user mobile device. The malware implanted with this technique allows the intelligence agencies to control user’s devices and exfiltrate data from it.
The documents refer to the activities conducted by the Network Tradecraft Advancement Team during the workshops held in Canada and Australia between November 2011 and February 2012.
The documents also revealed that cyber spies used the hacking platform “XKeyScore” for the selection of targets, the intelligence was able to identify victims by combining the data on their mobile devices with their online activities.
According to the documents leaked by Snowden the NSA and its allies were focused on the exploitation of privacy vulnerabilities in the popular mobile Internet browsers UC Browser. The choice of the UC Browser is not casual, the application is used by more than half a Billion individuals in China and India.
The hackers working for the intelligence exploited the flaws in the UC Browser to monitor activities of mobile devices used by suspected terrorists and other persons of interest.
The experts at the technology research group in Toronto, Citizen Lab, confirmed that the presence of several “major security and privacy issues” in the English and Chinese editions of the UC Browsers, it is easy to imagine how the flaws were exploited by the attackers to target potentially million users.
“Of course, the user of this application has no idea that this is going on,” says Ron Deibert, director of the Citizen Lab. “They just assume when they open a browser that the browser’s doing what it should do. But, in fact, it’s leaking all this information.“