A new leak shows that the National Security Agency and its allies intended to plant spyware in popular mobile app stores.
Documents obtained by Edward Snowden show that a group called the Network Tradecraft Advancement Team — which includes people from the U.S., U.K., Canada, New Zealand, and Australia — planned a project named IRRITANT HORN that aimed to gather user data and plant spyware on select smartphones. The docs show that IRRITANT HORN targeted Google Play in France heavily, but also went after stores in Cuba, Senegal, Morocco, and more. Samsung’s app store was also targeted, as was UC Browser, the latter of which had previously leaked user info like phone numbers, SIM card info, and device details in China.
After holding workshops in Canada and Australia in late 2011 and early 2012, the NTAT planned to perform man-in-the-middle attacks on Google and Samsung’s app stores, using those connections to plant spyware on certain devices and pull data from them. The leaked docs show that IRRITANT HORN was successful in identifying connections from non-5 Eyes countries.
Neither Google nor Samsung have commented on these leaked documents. It’s worth noting, though, that the spy agencies that worked on IRRITANT HORN made agreements not to spy on the citizens of each others’ countries, instead going after only certain targets. However, it’s still somewhat unsettling to read over all of the leaked docs about these groups targeting Google Play and Samsung’s app store for planting spyware on select devices. If you’d like to look over the leaked docs for yourself, you can find more information at the links below.