As NSA (National Security Agency) and its colleague agencies got into act at their peeks, a few years back, Google and Samsung app stores were targeted by the government for hijacking.
According to reports by The Intercept and CBC News, the plan of said agencies was to hijack the connections being made between smartphones and the marketplace servers they rely on, and afterward inserting malicious program onto the targeted devices. Then data could secretly be collected by NSA and friendly agencies, and some “selective misinformation” might be sent to the targets for confusion of propaganda purposes.
Edward Snowdern, former NSA contractor, is the source from where this report has been stemmed from. A workshop series held by NSA and its counter-parts in United Kingdom, Canada, Australia and New Zealand (known as Five Eyes, collectively) has been outlined in the report.
As this possible hijacking way were investigated, the NSA alongside its allies (Five Eyes) also found a huge vulnerability in the UC Browser that’s widely used all through Asia. The spying program reportedly was leaking SIM card numbers and phone numbers to its servers within China, alongside and other device details – making it more like a treasure trove for the spying agencies.
Now, the vulnerability remained undetected until the last April, prior to a vulnerability report being sent to the Alibaba Group (parent company of UC browser) by human rights group Citizen Lab. A source from Alibaba denied any kind of leakage caused by spying agencies.
So why this all matters?
There’s no doubt that it isn’t clear what happened with the said hijacking plan, but the reports gesture pretty clearly that spying agencies including UK’s GCHQ and US’s NSA aimed at designing a spyware for the Android devices and iPhones. And of course, these newly released documents tell about the potential strategy being used by the agents to infect the targeted phones.
Another grave concern popping up from the leaked documents is, whether the discovered vulnerabilities in software should be exploited by the spy agencies – instead of being reported by the government? Because, if such computer programs could be kept exploited by government agents themselves – aren’t huge number of users going to be at great risk?
President Barack Obama stated he is pretty much favor of disclosing the vulnerabilities, but only with exceptions of national security and the law enforcement needs. EFF (The Electronic Frontier Foundation) has sued NSA for detailed specifics on exactly when it could keep the security flaws and bugs secret.