According to the latest documents provided by Edward Snowden, the NSA developed a program called IRRITANT HORN for delivering malware via the Samsung and Google app stores.
Edward Snowden has exposed another plan of the National Security Agency (NSA), in which the agency devised a program for spreading malware by intercepting web traffic to mobile application servers. The document was published Wednesday by CBC News in collaboration with The Intercept.
One of the two slides shows Samsung’s update protocol, whereas the other displays the Google Play servers that are based in France. These servers were apparently used for delivering updates to mobile phones all over northern Africa.
According to The Intercept, the agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google. (Google declined to comment for this story. Samsung said it would not be commenting “at this time.”)
Once the route to those servers had been established, the NSA could easily intercept traffic before it reached them. The NSA would then have injected malware into the traffic of certain users using a man-in-the-middle attack.
The files would appear to come from a reliable app store but would actually come from the NSA, so that the agency could deliver spying tools from its highly extensive database of surveillance devices. For instance, the NSA could easily acquire a user’s contact list or obtain their location in real time.
Both Google and Samsung use TLS encryption to protect against man-in-the-middle attacks, but cryptographers have always believed that the NSA had developed or obtained the technology to break or circumvent these security barriers.
The document was created between November 2011 and February 2012, and it is not clear whether this plan was actually implemented by the NSA. However, it shows that the NSA has an abiding interest in breaking the protective layers to obtain user data and to spread malware to targeted devices.