The NSA wanted to introduce malware on Google Play and then monitor users

Malware, ie an application with a malicious key, somehow belongs to smartphones and it is recommended to monitor how we grant the given permission to the given title of installation. However, when the information appears that she has a government agency on her surveillance phone through such applications, it is an unprecedented situation.

The first of these was the fully American NSA (National Security Agency), ie modify the sending of malware to official application portals and then monitor the infected device without the user’s knowledge. This is the result of newly released NSA’s top-secret documents by Edward Snowden, who released The Intercept in recent days.

The file with the well-known name Irritant Horn, ie the hard corner, describes the full NSA, how to infect Android phones using the official catalog of games and applications from Google (Play) and Samsung (Samsung apps).

The unit worked with the Network Tradecraft Advancement Team, which brought together pioneers from several countries, including the United States, Canada, Australia, the United Kingdom and New Zealand. The dark agent was referred to as The Five Eyes.

According to the documents, his goal was to infect each individual application displayed on the mentioned portals. The NSA could then theoretically monitor each Android device, to which the user would download a single application.

In addition to the current location of the phone (and thus the user), the NSA should also have contacts stored on the phone, but it should also have access to complete correspondence, ie SMS, e-mail, phone calls and data entered by the phone.

Although Google Play and the Samsung app use a high level of leveling, which should reliably prevent such mass flows, cryptography experts speculate that NSA specialists have found a way to foster or circumvent this protection.

The documents in question date from November 2011 and 2012, and it is not yet clear whether the Irritant Horn program has been launched. The reason for its creation was the NSA’s fears of a recurring similar revolution, which broke out in December 2010 in Tunisia and later spread to other countries in the Middle East and North Africa.

In terms of agents, the countries were supposed to be primarily countries in Africa, specifically Senegal, Congo and Sdn, but the servers of the application portals, which were supposed to be infectious, were also located in completely different regions. This was the case with an infected server in France, Cuba, the Bahamas or Morocco, Switzerland or Russia. Due to the time when full NSAs were formed, Google Play was referred to as the Android Market.

Sensitive data leaked through the popular web browsers

The NSA, with its pioneer unit, has focused on expanding sensitive information through the UC Browser. Although this title is not widely known in Europe, it is relatively popular in Asia, its member base is more than half a billion users. This makes it one of the most popular web browsing tools for Android.

Tm The Five eyes discovered gaps in the security of this browser, through which it was possible to detect phone numbers or use only SIMs.

After publishing this information, UC Browser found itself in the sights of the Citizen Lab research group at the University of Toronto, which analyzed the threats arising from its use in detail. The group has indeed identified a fundamental safety of dry in the English and German versions of the application.

In addition to telephone numbers, spies with knowledge of security flaws could also collect user search queries or the unique ID of the device, which could then be used to level the location.

Representatives of the Citizen Lab warned the creators about the identified gaps, which will warm up private users in mid-April. The company responded with the release of an update, which was installed by the security dry.

A spokesman for Alibaba Group, under which UC Browser falls, said it was a privacy policy. He added that the sending of sensitive data would be detectable and the day of such suspicious traffic was not recorded.

Citizen Lab editor Ron Deibert has often criticized the NSA. As a result, hundreds of millions of ordinary users from around the world are beaten.

The NSA has not yet issued enough comments to comment on the invited information.

About the Author

You may also like these