NSA, Allies Developed Android Attack

by Developer.com Staff

The man-in-the-middle attack could have installed spyware when users attempted to download legitimate apps from Google Play.

Edward Snowden has delivered another wake-up call about the need for improved security in the mobile development industry. The latest set of documents leaked by Snowden shows that the National Security Agency (NSA) and allied agencies from Canada, the U.K., Australia and New Zealand developed capabilities to target communication between mobile apps and app stores, including Google Play and the Samsung app store. These capabilities could be used for man-in-the-middle attacks that could download spyware onto targeted phones, decrypt encrypted Web communication or present propaganda to users.

The leaked documents don't say that the technology was ever used in the field, but "Op Irritant Horn" tested the attack tactics and confirmed that they worked. The "Five Eyes" countries involved in the project have an agreement not to spy on each other, so their plan targeted app servers in France, Switzerland, the Netherlands, Cuba, Morocco, the Bahamas, Russia and other countries.

Unexpectedly, the project also uncovered a vulnerability in the UC Browser, which is owned by China's Alibaba Group. This vulnerability was already being exploited by another attacker, so the allies began passively collecting the data that was being transmitted by this independent attack.

This article was originally published on Friday May 22nd 2015