NSA hijacked Google Play to install spyware

The NSA teamed up with four other agencies to spy on smartphone users. Photo: NSA

The National Security Agency and several of its allies around the world have hijacked connections to multiple Android app stores to plant spyware on hundreds of millions of devices.

According to a top secret document leaked by whistle-blower Edward Snowden, the Google Play Store, Samsung’s app store, and UC Browser, a web browser that’s incredibly popular in China and India, were the main targets.

The NSA was one of five agencies across the U.S., the U.K., Canada, New Zealand, and Australia that teamed up to form a unit called the Network Tradecraft Advancement Team. Its main purpose was to find ways to exploit smartphone technology for surveillance.

According to the documents, which were obtained by The Intercept, the NSA and its partners met during a series of workshops held between November 2011 and February 2012 to discuss their tactics. The pilot project was codenamed “IRRITANT HORN.”

The agencies used an Internet spying system to “identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google,” The Intercept explains.

They would then hijack those connections using a “man-in-the-middle attack” to send malicious software to targeted devices, which would allow them to collect data without alerting the user.

Previous leaks have revealed that the NTAT also targeted the iPhone, and planned to steal emails, text messages, web browsing history, call records, videos, photos, and other data. But it wasn’t just interested in taking data.

The unit also wanted to use its software to send “selective misinformation to the targets’ handsets,” including propaganda and information that could confuse possible enemies.

In addition to intercepting app store traffic, the NTAT also took advantage of a vulnerability in the popular UC Browser that allowed it to monitor users. According to Citizen Lab Director Ron Deibert, “hundreds of millions of users worldwide” will have been affected.

Google and Samsung have both declined to comment on the document.

If you’d like to know more about the NTAT and its methods, you’ll find the entire document — all 52 pages of it — right here.