The National Security Agency, along with several U.S. allies, developed a covert plan to hack smartphones using Samsung and Google apps. The intelligence efforts – which sought to infect those apps with spyware in an effort to monitor and “misinform” targets – were disclosed Thursday (May 21) in documents released by famed NSA whistleblower Edward Snowden and published by The Intercept and CBC News.
The U.S. and its allies — Canada, the United Kingdom, New Zealand and Australia — collectively known as “Five Eyes” sought to uncover information tied to Africa, including the Congo, Sudan and Senegal – and the Western nations sought to monitor the possibility of another Arab Spring, the 2011 wave of anti-government protests that spread across the Middle East.
Though the intelligence agencies in each of the “Five Eyes” nations agreed not to spy on one another’s citizenry, The Intercept noted that the mobile app servers of both Samsung and Google were located in Western nations ranging from France to Switzerland and even Russia. That begs the question as to whether such data outlets could, might or will be used against Western citizens.
“It should come as no comfort that these agencies haven’t yet used these techniques against their own people,” Dave Bullas, director of pre-sales engineering at Stealthbits, told TechNewsWorld in a recent interview. “Any developer will tell you that the best way to build a tool that works is to get it working in one place before using it somewhere else.”
And the surveillance efforts did not stop at the apps level: Five Eyes tapped into information about covert operations tied to an unnamed country’s military unit using UC Browser. The browser runs on iOS, Android Java ME, Symbian and other operating platforms.
The browser is in turn owned by Alibaba, the Chinese eCommerce company, and has a significant presence in China and India, and worldwide, with 13 percent market share, according to Sitepoint.
Five Eyes’ efforts date back to 2011, when the agencies of those nations began exploring ways to intercept and track smartphone activity. The Intercept reported that the Five Eyes agencies utilized the NSA’s XKEYSCORE system to examine smartphone activity and then uncover those smartphones’ ties to app marketplace servers used by both Samsung and Google.
Under the umbrella of a project termed “Irritant Horn,” agencies were then poised to “hijack” user connections to a given app store account, enabling the placement of “malicious” implants to specially targeted devices, thus enabling data collection from those phones. UC Browser also became a target in 2011.
TechNewsWold posits citizens of Five Eyes countries, including U.S. citizens, may in fact be at risk of being targeted by these programs. The U.S. Central Intelligence Agency has been long trying to hack the iOS, the report states, and the FBI has recommended Congress approve “backdoors” to encryption efforts from tech giants including Apple and Google.
“Let’s step back from intent,” Enderle Group Principal Rob Enderle told TechNewsWorld, “just because the Five Eyes agreed not to spy on each other doesn’t mean they themselves can’t be hacked or their methods used by others, both domestic and foreign, who are not a part of this arrangement.”
To check out what else is HOT in the world of payments, click here.