New Leak Shows NSA's Plans To Hijack App Store Traffic To Implant Malware And Spyware

from the a-spy-in-the-house-of-apps dept

Proving there's nowhere spy agencies won't go to achieve their aims, a new Snowden leak published jointly by The Intercept and Canada's CBC News shows the NSA, GCHQ and other Five Eyes allies looking for ways to insert themselves between Google's app store and end users' phones.

The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals…

The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google.

Branded "IRRITANT HORN" by the NSA's all-caps random-name-generator, the pilot program looked to perform man-in-the-middle attacks on app store downloads in order to attach malware/spyware payloads -- the same malicious implants detailed in an earlier Snowden leak.


While the document doesn't go into too much detail about the pilot program's successes, it does highlight several vulnerabilities it uncovered in UC Browser, a popular Android internet browser used across much of Asia. Citizen Lab performed an extensive examination of the browser for CBC News, finding a wealth of exploitable data leaks. [PDF link for full Citizen Lab report]

In addition to discovering that phone ID info, along with geolocation data and search queries, was being sent without encryption, the researchers also found that clearing the app cache failed to remove DNS information -- which could allow others to reconstruct internet activity. Citizen Lab has informed the makers of UC Browser of its many vulnerabilities, something the Five Eyes intelligence agencies obviously had no interest in doing.

But IRRITANT HORN went beyond simply delivering malicious implants to unsuspecting users. The Five Eyes agencies also explored the idea of using compromised communication lines to deliver disinformation and counter-propaganda.

[The agencies] were also keen to find ways to hijack them as a way of sending “selective misinformation to the targets’ handsets” as part of so-called “effects” operations that are used to spread propaganda or confuse adversaries. Moreover, the agencies wanted to gain access to companies’ app store servers so they could secretly use them for “harvesting” information about phone users.

As is the case with each new leak, the involved agencies have either declined to comment or have offered the standard defensive talking points about "legal framework" and "oversight," but it's hard to believe any legal mandate or oversight directly OK'ed plans to hijack private companies' servers for the purpose of spreading malware and disinformation. And, as is the case with many other spy programs, IRRITANT HORN involves a lot of data unrelated to these agencies' directives being captured and sifted through in order to find suitable targets for backdoors and implants.


Filed Under: app stores, google play, irritant horn, man in the middle, nsa, surveillance
Companies: apple, google


Reader Comments



  • Anonymous Coward, 21 May 2015 @ 11:01am

    Sun Tzu

    Know thy self, know thy enemy.

    The closer I look, thy enemy = USA spy agencies.


  • Anonymous Coward, 21 May 2015 @ 11:01am

    Doesn't this approach violate and contradict the Secretary of State's recent address? I'm at a loss for words except for my disgust and ever growing concern on who the "good guys" are anymore. Sad day


    • Anonymous Coward, 21 May 2015 @ 11:05am

      Re:

      It's also highly illegal.

      But hey, who cares when the terrorists run the anti-terror agencies?


      • Anonymous Coward, 13 Sep 2015 @ 9:35am

        Re: Re:

        Lawful, ....legal is lawyer speak vs the law of the land, a distinction they have no problems forgetting


    • Anonymous Coward, 21 May 2015 @ 11:38am

      Re:

      I have never seen the NSA as the good guys. More of a necessary evil. But as they continue to attack what the constitution stands for, I see them as an unnecessary evil.


      • Anonymous Coward, 21 May 2015 @ 12:41pm

        Re: Re:

        Neither have I, but they are generally presented as "the good guys" by the current US government who do those tough jobs to allow those (us apparently) to live in a free country. The reality is anything but, as they do what they essentially want to without oversight or consent of the people. I wouldn't call them the enemy, but that distinction between the good/bad is eroding the more their "selfless deeds" are brought to light.


  • Anonymous Coward, 21 May 2015 @ 11:10am

    This attack would be pretty complex, as you would need to compromise the TLS transport layer encryption as well as the private key that signed the APK. The former would be relatively easy, especially for a state actor, but the latter would be difficult to do at scale since every developer has a unique key. Although for years Android's "Master Key" vulnerability allowed circumvention of package checking.

    https://nakedsecurity.sophos.com/2013/07/10/anatomy-of-a-security-hole-googles-android-master-key-debacle-explained/

    I wonder which intelligence agencies knew about that.


    Of course they could always go full monty and compromise system apps like Google Play services which have full control over all functions of a device.

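The comment above argues that swapping a download on the path requires both breaking TLS and holding the developer's signing key. The following added example (not from the article or any commenter) shows the second half of that from the verifier's side, using Ed25519 plus a SHA-256 pin of the developer's public key as a simplified stand-in for APK signing; the keys, archive bytes and helper names are all constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Package is a constructed stand-in for an app-store download: archive bytes,
// a detached signature over them, and the signer's public key (a real APK
// carries its signing certificate inside the archive instead).
type Package struct {
	Archive []byte
	Sig     []byte
	Signer  ed25519.PublicKey
}

// SignPackage stands in for the developer's build step (hypothetical helper).
func SignPackage(priv ed25519.PrivateKey, archive []byte) Package {
	return Package{
		Archive: archive,
		Sig:     ed25519.Sign(priv, archive),
		Signer:  priv.Public().(ed25519.PublicKey),
	}
}

// VerifyInstall models the on-device check. Both conditions must hold: the
// signer must be the key pinned for this app (SHA-256 of the developer's public
// key, constructed here) and its signature must cover the archive as received.
func VerifyInstall(p Package, pinnedKeyHash [32]byte) error {
	if sha256.Sum256(p.Signer) != pinnedKeyHash {
		return errors.New("signer does not match pinned developer key")
	}
	if !ed25519.Verify(p.Signer, p.Archive, p.Sig) {
		return errors.New("signature does not cover archive contents")
	}
	return nil
}

// Scenarios returns the verdict for the genuine download, for it with bytes appended
// on the path by someone lacking the developer's key, and for that archive re-signed.
func Scenarios() map[string]error {
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	pin := sha256.Sum256(devPub)
	genuine := SignPackage(devPriv, []byte("constructed APK bytes: classes.dex, resources"))
	modified := genuine // keeps the developer's signature, changes the bytes
	modified.Archive = append(append([]byte{}, genuine.Archive...), "extra payload"...)
	resigned := SignPackage(otherPriv, modified.Archive) // valid signature, wrong signer
	return map[string]error{
		"genuine":  VerifyInstall(genuine, pin),
		"modified": VerifyInstall(modified, pin),
		"resigned": VerifyInstall(resigned, pin),
	}
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-8s -> %v\n", name, err)
	}
}
```

The pin check is what makes the "re-signed" case fail: without it, a valid signature from any key would pass, which is why the signer identity, not just signature validity, is the property to verify.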

    • Anonymous Coward, 21 May 2015 @ 11:22am

      Re:

      As long as we trust any 3rd party business to provide for our security through certification, then this is not that complex, nor that difficult to compromise.

      You already know that the government can and WILL compel any CA to give them a key that will allow them to decrypt communications.


      • James Burkhardt (profile), 21 May 2015 @ 11:48am

        Re: Re:

        A) Have there been confirmations that the government has compromised a certificate authority?
        B) Would a Chinese or Russian certificate authority necessarily kowtow to the US government?
        C) Without third party certification, how do we achieve security? Just taking the website's word for it wouldn't work...


        • Anonymous Coward, 21 May 2015 @ 12:47pm

          Re: Re: Re:

          They do not have to compromise them. They just NSL them for it and it's kept a secret, for example. That is hardly the last tool in their war chest. They also plant NSA operatives in organizations to get to data they want as well.


          • James Burkhardt (profile), 21 May 2015 @ 2:05pm

            Re: Re: Re: Re:

            Umm, a CA giving up the keys is a compromised CA. If the NSA NSLs a cert, then it is a compromised CA.

            Of course, I am not convinced the NSA can legally issue an NSL, but that's a minor point.

            You still haven't answered my question about what we should do instead of using a third party authority.


      • Anonymous Coward, 21 May 2015 @ 11:56am

        Re: Re:

        I don't think even the CA can decrypt properly encrypted communications... but they can certainly facilitate a man in the middle attack so it's not properly encrypted in the first place. And the government could be doing this right now, with a gag order so we never find out.


        • Anonymous Coward, 21 May 2015 @ 12:56pm

          Re: Re: Re:

          It is software, if you have a private key, you have a means to decrypt the data.

          This is why you trust a CA to keep the two end entities from knowing the other's private keys.

          In Windows you can create something called a recovery certificate that will allow you to decrypt another's encrypted file. The same concept could apply here. All we have left is to trust a CA who is certain to fold every which way a corrupt government tells them to.

          There is more than one way to skin this cat! Crypto will only ever be about trust...

          DO YOU TRUST A FACELESS ENTITY TO GUARD YOUR SECRETS FROM ANY GOVERNMENT?

          If you say yes... then you should consider leaving this discussion.


          • Kal Zekdor (profile), 22 May 2015 @ 10:15am

            Re: Re: Re: Re:

            I don't think you know what a CA does...

            The CA does not create or provide Certificates, they merely sign them so they are "trusted".

            This has little to do with the actual encryption between a TLS enabled client and server. There are at least three legs here (more if you have a web of trust instead of a single trust authority): the client, the server, and the CA. Each of these points has its own private/public key pair. Data to the client is encrypted using the server's private key, which the CA most certainly does not have.

            If the CA were compromised by an attacker, they still couldn't decrypt communication between client and server. However, if the attacker was able to intercept traffic as a MitM, what they could do would be impersonate the server using the compromised CA. That way they wouldn't need to break the encryption, since the client is encrypting the traffic so that the MitM can decrypt it, thinking that they're talking to the server.

            Blaming third-parties for not disobeying government orders is a red herring, anyway. The government should not be allowed to issue such orders. Period.


            • Anonymous Coward, 13 Sep 2015 @ 9:44am

              Re: Re: Re: Re: Re:

              "Blaming third-parties for not disobeying government orders is a red herring, anyway. The government should not be allowed to issue such orders. Period."

              Amen to that statement


    • Anonymous Coward, 22 May 2015 @ 6:44am

      Re:

      You don't need to worry about encryption on phones, when you have the keys to everything.

      https://firstlook.org/theintercept/2015/02/19/great-sim-heist/


  • Anonymous Coward, 21 May 2015 @ 11:14am

    Obligatory Godwin.

    What the Nazis were doing was legal and had strict oversight under the Hitler regime too.


    • Anonymous Coward, 21 May 2015 @ 11:20am

      Re: Obligatory Godwin.

      I do not think Godwin applies here.

      Not when people are actually doing things that Hitler did. I mean... wtf America?

      Do we really have to wait til the very second trains are hauling some ethnic group around to a gas chamber before you fucking wake up?


      • Anonymous Coward, 21 May 2015 @ 11:25am

        Re: Re: Obligatory Godwin.

        Why yes, I believe we do.


      • Padpaw (profile), 22 May 2015 @ 6:08am

        Re: Re: Obligatory Godwin.

        They aren't death camps, but there are FEMA camps where the homeless are being forced to go and live.

        Technically the people can leave if they ask to leave and are told they can.

        I am sure with barbed wire topped walls and armed patrolling guards the camp administrators won't have any problem letting people they have rounded up at gunpoint go where they want to.


  • Max (profile), 21 May 2015 @ 11:31am

    Thanks a lot NSA for making it utterly impossible for me to ever mock a tin foil hatter again...


  • David, 21 May 2015 @ 11:34am

    It would appear that

    The NSA has declared an all-out cyber war on the U.S.A.

    Where are our defenses?


  • Anonymous Coward, 21 May 2015 @ 11:59am

    Taking bets that Apple helped the NSA in their google-hijack attempts..any takers?


  • Josh, 21 May 2015 @ 12:27pm

    Why am I not surprised?


    • David, 21 May 2015 @ 1:35pm

      Re:

      Because Edward Snowden put his life on the line to make the U.S. aware that it is derailing.

      That's why you are not surprised.

      Getting back on track still won't be easy even when clued in.


  • Anonymous Coward, 21 May 2015 @ 12:30pm

    So how long is it before any company/corporation is refused permission to sell its products outside the US? How long do we have before the economy craters due to this global lack of trust? Unless things change, I foresee a massive migration outside the US just to be free of the NSLs.

    I have a feeling this is going to come to a head and it won't be pretty.


    • Padpaw (profile), 22 May 2015 @ 6:10am

      Re:

      Better emigrate before they close the borders. You know what they say: "history repeats itself, so learn from it"


  • Anonymous Coward, 21 May 2015 @ 5:49pm

    logjam?


  • Redback (profile), 22 May 2015 @ 11:05am

    Similar Article


  • GEMont (profile), 22 May 2015 @ 9:28pm

    Good for the soul, but bad for the bank account.

    I guess I'll simply never understand the absolute inability of the American Public to admit that their Spy Agencies are simply collecting information for the pure purposes of blackmail, defamation and monetary profit and that these spies and their minions are about as concerned over the possibility of terrorist attacks on America, as they are over the possibility of indigestion after lunch in the company cafeteria.

    What does it take to finally knock the stolen White Hats off the heads of these now-proven criminals and traitors?

    Video confessions on Utube??

    ---


  • depyou (profile), 26 May 2015 @ 12:32am

    who cares when the terrorists run the anti-terror agencies?


    • Anonymous Coward, 13 Sep 2015 @ 9:52am

      Re:

      Great, maybe they'll make the world a better place and drone themselves, and then hopefully use the drones on the drones as a parting gift


  • anani nadia (profile), 30 May 2015 @ 3:43am

    proud of your experience

    How can you be sure about this?

    I'm also a news writer in India. Check my awesome research related to Hanumangarh City. Visit my blog http://www.rj31force.com/


  • AustinOS, 1 Jun 2015 @ 12:41pm

    Stop The Spying

    How messed up. Their programs just expired and yet they have already planned more malware practice on an extremely high traffic area. http://www.smithsontechnologies.com


  • Anonymous Coward, 13 Sep 2015 @ 8:14am

    Oh ffs, I've only just found this story

    Why aren't these people up on trial already /rhetorical question off

    They've done these things in secret, some of them breaking the lawful rule of their nation to do it, they harass/prosecute/threaten whistleblowers that reveal the secrets that shouldn't be secret, we made a big enough impression to let them know "hang, I think some folks might have an issue with this", and what have they done with the peaceful objection.......ignored, continuing, and generally a big fuck you to the public

    Anyone who sees no wrong with what they're doing, don't give a shit about others, or are willing to sacrifice other people's privacy because of less of importance benefit to the sacrifice (in the grand scheme of things), something that technologically could most definitely be done in various ways, some ways that keep privacy and technological security intact but don't due to outside influence.....or aren't technically inclined to realise just exactly what they can with just what's been reported

    I've ranted myself into "lost for words", I'm left with my original thought.......FFS


  • Anonymous Coward, 13 Sep 2015 @ 8:57am

    Ffs

    "[The agencies] were also keen to find ways to hijack them as a way of sending “selective misinformation to the targets’ handsets” as part of so-called “effects” operations"

    This isn't a surveillance tool, this is a propaganda tool disguised as a surveillance tool

    Ffs man

    No accountability, kept secret, threats made to condition folks to keep it that way, and clearly, a very serious morality problem

    Your job is to govern in as peaceful a manner as possible, not instigate violence, control, or own people that are not yourself, what right do you have affecting the life beyond your own without that person's consent, in this case, that person's explicit NON consent

    Our governments with their respective agencies are not governments of freedom, they're governments of control........we as a species will never learn peace, when so many think a lasting peace can be forced

    Understanding, empathy, and the caring that comes naturally after when one bothers to give understanding and empathy a shot........once you care, you can't uncare

    Goddammit, this kind of news makes me so frustrated

    I'm telling ya google/android, I liked your initial ideals, open source etc, but you've driven so far from the main road: data stealing, play services (closed source) dependent apps, auto system app updates with no control on the matter.......telling ya, when the next guy that comes along and understands the needs of privacy/security and has built their OS from the ground up against these needs.....I'm telling ya

    Parting thoughts

    Warrants are a check against overbearing government
    These surveillances are not targeted, everyone's a target, they exploit and store everyone's info so by the letter of the law, we are all criminals..........the governments we have aren't the governments our governments want us to believe.........it's not just about what they're telling us, it's about what they're NOT telling us

    A war on the internet - where everyone gets a say, not just the authorised


  • Anonymous Coward, 13 Sep 2015 @ 9:02am

    IRRITANT HORN- what's that stand for, those that don't toe the party line huh?

    "Minority" but loud voices huh?

