Five Eyes Hijacked Google App Store to Install Spyware on Devices

So we already know about NSA'southward eagerness to know about everything happening in the world by conducting blind mass surveillance. In that location besides have been several instances especially after Edward Snowden leaks when nosotros got to know exactly who was targeted and what programs were used to spy on entire governments and some lucky German ministers.

In some other Snowden-leaked document, it is revealed that NSA and its allies were interested in getting into a large number of Google accounts and trigger mass installation of spyware apps remotely. Without the user ever having to know about it.

While it may sound very unrealistic to some, it actually isn't. The tiptop-undercover document reveals how NSA and its so-calledV Eyesallies of USA, Canada, UK, New Zealand, and Australia were working on a program to hijack smartphone connections to Samsung and Google's app stores throughhuman being-in-the-middleattacks.

How it worked...

Dubbed every bitNetwork Tradecraft Advancement Squad, the operation included agents from all the v countries. The airplane pilot project of this electronic eavesdropping unit and the NSA is codenamedIRRITANT HORN. The unit targeted Google and Samsung stores servers where phones get directed for app downloads and updates. Considering disquisitional points if exploited, the group worked on a method usingXKEYSCOREspying system (tool to identify targets by matching smartphone to the victim'due south online activities) to place phone traffic coming to these servers. The ultimate aim was to be able to ship malicious informationimplantsto the targeted devices.

Under this IRRITANT HORN projection, team intended to target Google App Shop servers, sit in betwixt the smartphone users and servers (in a typical MitM fashion) and have access to and the ability to modify whatever advice between the two afterward identifying its targets.

NSA covertly installing spyware on targeted mobile phones:

By having the ability to modify the content packets of the transmitted communications between smartphones and App Shop servers, spy agencies were capable of inserting spyware onto smartphones and substantially take control of the device. The user, in all of information technology, would accept no idea of someone being able to covertly extract the data from her smartphone.

The story doesn't end here though. In their plans being discussed in 2022 and 2022 (and possibly under works by now), the 5 alliances also investigated the possibility of hijacking connections and send "misinformation to targets' handsets."

In this process, 5 Eyes team also uncovered security gaps in the UC Browser app owned past Alibaba Group. The browser is used predominantly in Cathay and India past nigh half a billion users. UC Browser app leaked SIM card numbers, telephone numbers, device IDs and other data well-nigh its users to servers in China. All the same, security agencies never prompted Alibaba Grouping or any other authority to have these loopholes stock-still putting millions of users' security at adventure.

Canada-based, human rights arrangement, Citizen Lab, subsequently alerted the Chinese east-commerce giant which has reportedly patched the browser app now.

While NSA and its allies have been and always would keep on justifying this farthermost level of access to users' devices and data with national security, privacy activists consider it a serious concern. Afterward all, once these loopholes are created, it won't only be the secretive agencies capable of getting into our lives without a knock...

-Source and extensive details can be plant at CBC.