Five Eyes spies sought to subvert Google, Samsung app stores

By on
Five Eyes spies sought to subvert Google, Samsung app stores

Attempted to plant malware, spread misinformation.

Western spy agencies attempted to redirect user connections to smartphone app stores to plant malware and tamper with data traffic, according to new documents leaked by former United States National Security Agency (NSA) contractor Edward Snowden.

First reported jointly by CBC News and The Intercept, the documents detail a pilot project, code-named Operation IRRITANT HORN, discussed in workshops in Australia and Canada between 2011 and 2012.

IRRITANT HORN is a joint operation between the NSA, the Australian Signals Directorate, the Government Communications Security Bureau (New Zealand), GCHQ in UK and Canada's Communications Security Establishment (CSE).

It aimed to create a man-in-the-middle (MITM) attack that would allow the Five Eyes spy agencies to implant malware on Android devices as they tried to connect to official app stores and update servers.

Furthermore, the agencies sought to plant misinformation to target handsets, and to exploit the app stores to profile these extensively for information gathering.

The spies targeted the UCWeb browser in particular, which a British Government Communications Headquarters (GCHQ) analyst had discovered leaked plenty of information about mobile devices, during a Signals Directorate workshop.

Device information leaked by UCWeb included data such as the international mobile subscriber identity and international mobile station equipment identity (IMSI and IMEI) identifiers. UCWeb would also reveal information about the devices themselves.

Analysts developed plugins for the XKEYSCORE search engine front end that would single out worldwide internet traffic patterns obtained from intercepts related to Samsung and Google update and app servers, as well as for UCWeb.

XKEYSCORE fingerprints to identify mobile carriers, Samsung and Google app stores have been deployed among the Five Eyes spy agencies, the documents say.

None of the signals intelligence agencies would provide comment to The Intercept on the matter, nor would Google and Samsung.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?