Skip to main content

NSA wanted to hijack Google Play Store to send spyware

The National Security Agency (NSA) and its allies planned to use Google's Play Store and the Samsung App Store to launch man-in-the-middle attacks and infect smartphones with malware, The Intercept says.

In a recently unveiled top-secret document, leaked by the former NSA contractor Edward Snowden, it was shown how agents from the 'Five Eyes' alliance (United Kingdom, United States, Australia, Canada, New Zealand) realised, during workshops held in Australia and Canada between November 2011 and February 2012, how much traffic Google Play Store and Samsung App Store generated.

The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables.

As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices, The Intercept writes. The implants could then be used to collect data from the phones without their users noticing.

This technique is called the man-in-the-middle attack. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other, and it would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones.

So basically you thought you installed that new running app, when instead you have spyware on your phone.

The agencies also wanted to send “selective misinformation to the targets’ handsets”, also known as propaganda.