Another day, another cynicism-inducing reminder that the NSA hasn’t just been unlawfully dragnet spying on our digital lives, it has also rigged up new and complicated techniques to do so, like hijacking app stores to put spyware on smartphones.
Documents obtained by Edward Snowden and published by the CBC and The Intercept outline this surveillance plan: As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.
We already knew that the NSA and our own GCHQ were trying to exploit weak spots in apps like Angry Birds to collect personal data, but this new information shows us how they intended to do so, by tracking internet traffic from smartphones to pinpoint their connections to Android and Samsung marketplace servers in order to attack them and insert spyware.
In addition to using these “implants” for plain old spying, the agencies also intended to use hijacked phones to send bad information to targets. And it successfully discovered a security hole in UCBrowser, a web browser popular in India and China, that it used to collect personal information leaking from phones.