NSA planned to use Google and Samsung app stores to spread eavesdropping malware

Latest Edward Snowden documents show NSA plan to spread malware via app stores

The US National Security Agency (NSA) planned to use smartphone app stores to propagate malware that it would later use to eavesdrop on users.

That is the latest claim from the trove of secret documents released by NSA whistleblower Edward Snowden.

"The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012," claims The Intercept, the publisher holding the documents, the contents of which were also publicised on Canadian television.

"Electronic intelligence agencies began targeting UC Browser - a massively popular app in China and India with growing use in North America - in late 2011 after discovering it leaked revealing details about its half-billion users," said the Canadian Broadcasting Corporation.

It continued: "Their goal, in tapping into 'UC Browser' [owned by China's biggest internet company Alibaba] and also looking for larger app store vulnerabilities, was to collect data on suspected terrorists and other intelligence targets - and, in some cases, implant spyware on targeted smartphones."

Over the course of several workshops held in Canada and Australia in late 2011 and early 2012, a joint Five Eyes tradecraft team tried to find ways to implant spyware on smartphones by intercepting the transmissions sent when downloading or updating apps, it adds.

The project was integrated with the NSA's spying system, XKEYSCORE, which searches smartphone and other traffic as it traverses the internet. It would be used to track down the individual smartphone connections and, in this way, the NSA's spying targets.

"Previous disclosures from the Snowden files have shown agencies in the Five Eyes alliance designed spyware for iPhones and Android smartphones, enabling them to infect targeted phones and grab emails, texts, web history, call records, videos, photos and other files stored on them. But methods used by the agencies to get the spyware onto phones in the first place have remained unclear," claims The Intercept.

The newly published 52-page document shows how the agencies wanted to exploit app store servers - using them to launch so-called "man-in-the-middle" attacks to infect phones with the implants.

"But the agencies wanted to do more than just use app stores as a launching pad to infect phones with spyware," claims The Intercept.

"They were also keen to find ways to hijack them as a way of sending 'selective misinformation to the targets' handsets' as part of so-called 'effects' operations that are used to spread propaganda or confuse adversaries. Moreover, the agencies wanted to gain access to companies' app store servers so they could secretly use them for harvesting information about phone users," it adds.

According to The Intercept, the project was partly motivated by concerns over the so-called "Arab Spring", which had taken Western governments by surprise. The aim was to focus spying and surveillance on countries in Africa, including Senegal, Sudan and Congo. The discovery of insecurities in the UC Browser, which is popular across Asia, encouraged NSA technicians to see whether they could exploit those insecurities for their own ends.

The UC Browser is a J2ME-only application that runs on Android, Apple iOS, Windows Phone, Symbian, Java ME and BlackBerry, with a beta version now running on Windows PCs. Like Opera Mini, it uses a number of techniques to reduce data use, including server-side compression that, for example, reduces images to sizes appropriate to the device. It claims some 500 million users worldwide, particularly in India and China.