Five Eyes looked to hijack Android phone data

The NSA and its allies planned to hijack data links to Google and Samsung app stores to infect Android smartphones with tracking and control spyware enabling them to host man-in-the-middle attacks, reportedly in response to the Arab Spring uprisings in the Middle East.

The revelations were made in newly released secret documents from NSA whistleblower Edward Snowden, published Wednesday by CBC News and The Intercept.

A joint electronic eavesdropping unit, called the Network Tradecraft Advancement Team, (comprising intelligence agencies from each of the “Five Eyes” alliance — the US, Canada, UK, New Zealand and Australia) sought new ways conduct surveillance via smartphones. They used the Internet spying system XKEYSCORE to identify smartphone traffic on Internet cables and then track down smartphone connections to app marketplace servers operated by Samsung and Google.

A pilot project codenamed 'IRRITANT HORN', entailed hacking and hijacking phone users' connections to app stores to send data-collecting malware to targeted devices.

Content of data packets passing between targeted smartphones and the app servers was to be modified, while an app was being downloaded or updated. Another aim was also to send “selective misinformation to the targets' handsets” to spread propaganda , while access to app store servers would enable harvesting of information about phone users themselves.

The secret workshops also found privacy vulnerabilities in UC Browser, used by 500 million people to browse the Internet across Asia, particularly in China and India.

Sign up to our newsletters