Saturday 23 May 2015

NSA Had Plans to Hack Smartphones via Malware Delivered Through Google Play Store

Samsung Store was targeted by the agency as well

New top-secret NSA documents reveal plans to get around security of major Android application stores like Google Play and Samsung Store with the purpose of spying on those who use these stores.

The report comes from The Intercept and describes a plot in which NSA put together a surveillance project alongside its allies with the purpose of the infecting smartphones with malware via Google Play Store and Samsung Store.

The project was launched by a unit caller “Network Tradecraft Advancement Team” and included spies from multiple countries such as United States, Canada, New Zealand, Australia and the United Kingdom.

The document obtained by Edward Snowden and published by The Intercept describes NSA's tactics that employed the Internet spying system XKEYSCORE it identify smartphone traffic flowing across Internet cables, and then to track down smartphone connections to app store servers owned by Google and Samsung.
Malware “implants,” “man-in-the-middle” attacks, “effects” operations
Another part of the surveillance project pursued other plans like methods of hacking and hijacking phone users' connections to app stores to that they could send malware “implants” to targeted devices. These “implants” would then be used to gather the data from the phones without the user could notice it.

The document also highlights how NSA and its allies would have used these app stores to launch “man-in-the-middle” attacks to infect smartphones with implants, if the project would have been successful.

But that is not all. The document published recently explains how NSA and its allies wanted to find other methods of hijacking smartphones in order to send “selective misinformation to the targets’ handsets” as part of something called “effects” operations, which are used to spread propaganda or confuse enemies.

The ultimate goal for NSA would be to get access to Google and Samsung's servers, in order to be able to use them for collecting information about phone users, in secret.

There are more to the report, so if you want to know the whole story make sure to check it out at The Intercept.

No comments :