New Leak Shows NSA's Plans To Hijack App Store Traffic To Implant Malware And Spyware
from the a-spy-in-the-house-of-apps dept
Proving there’s nowhere spy agencies won’t go to achieve their aims, a new Snowden leak published jointly by The Intercept and Canada’s CBC News shows the NSA, GCHQ and other Five Eyes allies looking for ways to insert themselves between Google’s app store and end users’ phones.
The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals…
The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google.
Branded “IRRITANT HORN” by the NSA’s all-caps random-name-generator, the pilot program looked to perform man-in-the-middle attacks on app store downloads in order to attach malware/spyware payloads — the same malicious implants detailed in an earlier Snowden leak.
While the document doesn’t go into too much detail about the pilot program’s successes, it does highlight several vulnerabilities it uncovered in UC Browser, a popular Android internet browser used across much of Asia. Citizen Lab performed an extensive examination of the browser for CBC News, finding a wealth of exploitable data leaks. [PDF link for full Citizen Lab report]
In addition to discovering that phone ID info, along with geolocation data and search queries, was being sent without encryption, the researchers also found that clearing the app cache failed to remove DNS information — which could allow others to reconstruct internet activity. Citizen Lab has informed the makers of UC Browser of its many vulnerabilities, something the Five Eyes intelligence agencies obviously had no interest in doing.
But IRRITANT HORN went beyond simply delivering malicious implants to unsuspecting users. The Five Eyes agencies also explored the idea of using compromised communication lines to deliver disinformation and counter-propaganda.
[The agencies] were also keen to find ways to hijack them as a way of sending “selective misinformation to the targets’ handsets” as part of so-called “effects” operations that are used to spread propaganda or confuse adversaries. Moreover, the agencies wanted to gain access to companies’ app store servers so they could secretly use them for “harvesting” information about phone users.
As is the case with each new leak, the involved agencies have either declined to comment or have offered the standard defensive talking points about “legal framework” and “oversight,” but it’s hard to believe any legal mandate or oversight directly OK’ed plans to hijack private companies’ servers for the purpose of spreading malware and disinformation. And, as is the case with many other spy programs, IRRITANT HORN involves a lot of data unrelated to these agencies’ directives being captured and sifted through in order to find suitable targets for backdoors and implants.
Filed Under: app stores, google play, irritant horn, man in the middle, nsa, surveillance
Companies: apple, google
Comments on “New Leak Shows NSA's Plans To Hijack App Store Traffic To Implant Malware And Spyware”
Sun Tzu
Know thy self, know thy enemy.
The closer I look, thy enemy = USA spy agencies.
Re: Sun Tzu
I think you need to go higher
Doesn’t this approach violate and contradict the Secretary of State’s recent address? I’m at a loss for words except for my disgust and ever growing concern on who the “good guys” are anymore. Sad day
Re: Re:
It’s also highly illegal.
But hey, who cares when the terrorists run the anti-terror agencies?
Re: Re: Re:
Lawful… legal is lawyer speak vs the law of the land, a distinction they have no problem forgetting
Re: Re:
I have never seen the NSA as the good guys. More of a necessary evil. But as they continue to attack what the constitution stands for, I see them as an unnecessary evil.
Re: Re: Re:
Neither have I, but they are generally presented as “the good guys” by the current US government who do those tough jobs to allow those (us apparently) to live in a free country. The reality is anything but, as they do what they essentially want to without oversight or consent of the people. I wouldn’t call them the enemy, but that distinction between the good/bad is eroding the more their “selfless deeds” are brought to light.
This attack would be pretty complex as you would need to compromise the TLS transport layer encryption as well as the private key that signed the APK. The former would be relatively easy, especially for a state actor but the latter would be difficult to do at scale since every developer has a unique key. Although for years Android’s “Master Key” vulnerability allowed circumvention of package checking.
https://nakedsecurity.sophos.com/2013/07/10/anatomy-of-a-security-hole-googles-android-master-key-debacle-explained/
I wonder which intelligence agencies knew about that.
Of course they could always go full monty and compromise system apps like Google Play services which have full control over all functions of a device.
Re: Re:
As long as we trust any 3rd party business to provide for our security through Certification then this is not that complex, and neither difficult to compromise.
You already know that the government can and WILL compel any CA to give them a key that will allow them to decrypt communications.
Re: Re: Re:
A) Have there been confirmations that the government has compromised a Certificate Authority?
B) Would a Chinese or Russian certificate authority necessarily kowtow to the US Government?
C) Without third-party certification, how do we achieve security? Just taking the website’s word for it wouldn’t work…
Re: Re: Re: Re:
They do not have to compromise them. They just NSL them for it and it’s kept a secret, for example. That is hardly the last tool in their war chest. They also plant NSA operatives in organizations to get to data they want as well.
Re: Re: Re:2 Re:
Umm, a CA giving up the keys is a compromised CA. If the NSA NSLs a cert, then it is a compromised CA.
Of course, I am not convinced the NSA can legally issue an NSL, but that’s a minor point.
You still haven’t answered my question about what we should do instead of using a third party authority.
Re: Re: Re:
I don’t think even the CA can decrypt properly encrypted communications… but they can certainly facilitate a man in the middle attack so it’s not properly encrypted in the first place. And the government could be doing this right now, with a gag order so we never find out.
Re: Re: Re: Re:
It is software, if you have a private key, you have a means to decrypt the data.
This is why you trust a CA to keep the two end entities from knowing each other’s private keys.
In Windows you can create something called a recovery certificate that will allow you to decrypt another’s encrypted file. The same concept could apply here. All we have left is to trust a CA who is certain to fold every which way a corrupt government tells them to.
There is more than one way to skin this cat! Crypto will only ever be about trust…
DO YOU TRUST A FACELESS ENTITY TO GUARD YOUR SECRETS FROM ANY GOVERNMENT?
If you say yes… then you should consider leaving this discussion.
Re: Re: Re:2 Re:
I don’t think you know what a CA does…
The CA does not create or provide Certificates, they merely sign them so they are “trusted”.
This has little to do with the actual encryption between a TLS enabled client and server. There are at least three legs here (more if you have a web of trust instead of a single trust authority): the client, the server, and the CA. Each of these points has its own private/public key pair. Data to the client is encrypted using the server’s private key, which the CA most certainly does not have.
If the CA were compromised by an attacker, they still couldn’t decrypt communication between client and server. However, if the attacker was able to intercept traffic as a MitM, what they could do would be impersonate the server using the compromised CA. That way they wouldn’t need to break the encryption, since the client is encrypting the traffic so that the MitM can decrypt it, thinking that they’re talking to the server.
Blaming third-parties for not disobeying government orders is a red herring, anyway. The government should not be allowed to issue such orders. Period.
Re: Re: Re:3 Re:
“Blaming third-parties for not disobeying government orders is a red herring, anyway. The government should not be allowed to issue such orders. Period.”
Amen to that statement
Re: Re:
You don’t need to worry about encryption on phones, when you have the keys to everything.
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
Obligatory Godwin.
What the Nazis were doing was legal and had strict oversight under the Hitler regime too.
Re: Obligatory Godwin.
I do not think Godwin applies here.
Not when people are actually doing things that Hitler did. I mean… wtf America?
Do we really have to wait ’til the very second that trains are hauling some ethnic group around to a gas chamber before you fucking wake up?
Re: Re: Obligatory Godwin.
Why yes, I believe we do.
Re: Re: Obligatory Godwin.
they aren’t death camps but there are FEMA camps where the homeless are being forced to go and live at.
Technically the people can leave if they ask to leave and are told they can.
I am sure with barbed wire topped walls and armed patrolling guards the camp administrators won’t have any problem letting people they have rounded up at gunpoint go where they want to.
Thanks a lot NSA for making it utterly impossible for me to ever mock a tin foil hatter again…
It would appear that
The NSA has declared an all-out cyber war on the U.S.A.
Where are our defenses?
Re: It would appear that
What defenses? You are the enemy.
Taking bets that Apple helped the NSA in their google-hijack attempts..any takers?
why am I not surprised ?
Re: Re:
Because Edward Snowden put his life on the line to make the U.S. aware that it is derailing.
That’s why you are not surprised.
Getting back on track still won’t be easy even when clued in.
So how long is it before any company/corporation is refused permission to have its products sold outside the US? How long do we have before the economy craters due to this global lack of trust? Unless things change, I foresee a massive migration outside the US just to be free of the NSLs.
I have a feeling this is going to come to a head and it won’t be pretty.
Re: Re:
better emigrate before they close the borders. You know what they say “history repeats itself, so learn from it”
logjam?
Similar Article
I think this article http://www.theage.com.au/technology/technology-news/australia-a-leader-in-hacking-mobile-phones-snowden-document-reveals-20150521-gh761s.html is related to the NSA’s plans to hijack app store traffic.
Good for the soul, but bad for the bank account.
I guess I’ll simply never understand the absolute inability of the American Public to admit that their Spy Agencies are simply collecting information for the pure purposes of blackmail, defamation and monetary profit and that these spies and their minions are about as concerned over the possibility of terrorist attacks on America, as they are over the possibility of indigestion after lunch in the company cafeteria.
What does it take to finally knock the stolen White Hats off the heads of these now-proven criminals and traitors?
Video confessions on YouTube??
—
who cares when the terrorists run the anti-terror agencies?
Re: Re:
Great, maybe they’ll make the world a better place and drone themselves, and then hopefully use the drones on the drones as a parting gift
Stop The Spying
How messed up. Their programs just expired and yet they have already planned more malware practice on an extremely high traffic area.
Oh ffs, I’ve only just found this story
Why aren’t these people up on trial already /rhetorical question off
They’ve done these things in secret, some of them breaking the lawful rule of their nation to do it, they harass/prosecute/threaten whistleblowers that reveal the secrets that shouldn’t be secret, we made a big enough impression to let them know “hang on, I think some folks might have an issue with this”, and what have they done with the peaceful objection…….ignored, continuing, and generally a big fuck you to the public
Anyone who sees no wrong with what they’re doing either doesn’t give a shit about others, or is willing to sacrifice other people’s privacy for a benefit less important than the sacrifice (in the grand scheme of things), something that technologically could most definitely be done in various ways, some ways that keep privacy and technological security intact but don’t due to outside influence…..or isn’t technically inclined to realise just exactly what they can do with just what’s been reported
I’ve ranted myself into “lost for words”, I’m left with my original thought…….FFS
Ffs
“[The agencies] were also keen to find ways to hijack them as a way of sending “selective misinformation to the targets’ handsets” as part of so-called “effects” operations”
This isn’t a surveillance tool, this is a propaganda tool disguised as a surveillance tool
Ffs man
No accountability, kept secret, threats made to condition folks to keep it that way, and clearly, a very serious morality problem
Your job is to govern in as peaceful a manner as possible, not instigate violence, control, or own people that are not yourself; what right do you have affecting a life beyond your own without that person’s consent, in this case, a person’s explicit NON consent
Our governments with their respective agencies are not governments of freedom, they’re governments of control……..we as a species will never learn peace, when so many think a lasting peace can be forced
Understanding, empathy, and the caring that comes naturally after when one bothers to give understanding and empathy a shot……..once you care, you can’t uncare
Goddammit, this kind of news makes me so frustrated
I’m telling ya google/android, I liked your initial ideals, open source etc, but you’ve driven so far from the main road: data stealing, play services (closed source) dependent apps, auto system app updates with no control on the matter…….telling ya, when the next guy comes along that understands the needs of privacy/security and has built their OS from the ground up against these needs…..I’m telling ya
Parting thoughts
Warrants are a check against overbearing government
These surveillances are not targeted, everyone’s a target, they exploit and store everyone’s info so by the letter of the law, we are all criminals……….the governments we have aren’t the governments our governments want us to believe………it’s not just about what they’re telling us, it’s about what they’re NOT telling us
A war on the internet – where everyone gets a say, not just the authorised
IRRITANT HORN- what’s that stand for, those that don’t toe the party line huh?
“Minority” but loud voices huh?