NSA planned to hack Google, Samsung app stores: report

22 May 2015

The US National Security Agency (NSA) had developed plans to hack into data links to app stores operated by Google and Samsung to plant spyware on smartphones, a media report said today quoting a classified document.

NSA is the US technical intelligence agency tasked with global monitoring of information and data for foreign intelligence and counterintelligence and is responsible for protection of US government communications and information systems against penetration and network warfare.

According to a report in online news site The Intercept, US intelligence developed the plan along with the "Five Eyes" alliance, comprising the spy agencies of the UK, Canada, New Zealand and Australia.

Quoting documents leaked by former NSA contractor Edward Snowden, the report  said the plan appeared to have been discussed at meetings involving theses intelligence services in 2011 and 2012 aimed at stepping up surveillance efforts on smartphones.

The intelligence agencies could also use the spyware to send misinformation to targets to confuse potential adversariest.

The project called "Irritant Horn" would allow the agencies to hijack data connections to app stores and surreptitiously implant malicious software on smartphones that would allow for data to be harvested.

The Intercept said the plan was motivated in part by concerns about the possibility of "another Arab Spring," or the spread of popular movements.

The agencies were particularly interested in the Africa region, especially Senegal, Sudan and the Congo but also targeted app store servers in France, Cuba, Morocco, Switzerland, Bahamas, the Netherlands and Russia.

At the time, the Google app store was called Android Market. It is now known as Google Play.

In developing the plan the agencies found weaknesses in UC Browser, an app owned by Alibaba Group which is popular in China and India to browse the Internet and is used by some 500 million people worldwide (Also see: User account secret questions not secure: Google).

The document was also published in Canada by CBC News, which said the aim of the plan was to collect data on suspected terrorists and other intelligence targets, including their online search queries, SIM card numbers, device IDs and the location of the smartphone.

In one case, according to the CBC, analysts found a foreign military using the UC Browser app to communicate covertly about its operations in Western countries.