Report: NSA hijacked app stores to hack phones
The National Security Agency planned to infiltrate the Google and Samsung app stores to plant spying software on smartphones, according to new documents published from files leaked by Edward Snowden.
The Intercept and CBC News jointly published the documents Thursday, which outline the snooping efforts designed by the U.S. and its “Five Eyes” alliance: Canada, the United Kingdom, New Zealand and Australia.
{mosads}The intelligence agencies came up with the strategy as a potential way to hack smartphones. The pilot project was code-named “IRRITANT HORN.”
Essentially, the agents sussed out smartphone Internet traffic by browsing through its Web traffic database created under the XKeyscore program. They would then track down those phones’ connections to an app marketplace. Once identified, agents could hijack that connection to the app store and use it as a delivery system to plant spyware on the device.
These “implants” could gather data from the phone, including emails, texts, browsing history, call logs, videos and photos.
Previous Snowden disclosures revealed the Five Eyes agencies were collecting this type of information, but it was unclear what methods they were using.
Hijacking the app store connection also gave spies a permanent connection to the phone that allowed them to send “selective misinformation to the targets’ handsets.”
This tactic was apparently part of a broader attempt to monitor and possibly mitigate future Middle East and North Africa uprisings similar to the “Arab Spring” protests that swept the region in 2010 and 2011.
Delivering malicious software through infected smartphone apps is an increasingly popular method for hackers to access smartphones.
Apple had to block hundreds of apps last November after it was revealed Chinese hackers had been using them as a Trojan horse to get malware onto Chinese iPhone users.
Cyber thieves were also caught replacing trusted apps with nefarious imitators in the Apple App Store.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..