Edward Snowden has delivered another wakeup call about the need for improved security in the mobile development industry. The latest set of documents leaked by Snowden shows that the National Security Agency (NSA) and allied agencies from Canada, the U.K., Australia and New Zealand developed capabilities to target communication between mobile apps and app stores, include Google Play and the Samsung app store. These capabilities could be used for man-in-the-middle attacks that could download spyware onto targeted phones, decrypt encrypted Web communication or present propaganda to users.
The leaked documents don’t say that the technology was ever used in the field, but “Op Irritant Horn” tested the attack tactics and confirmed that they worked. The “Five Eyes” countries involved in the project have an agreement not to spy on each other, so their plan targeted app servers in France, Switzerland, the Netherlands, Cuba, Morocco, the Bahamas, Russia and other countries.
Unexpectedly, the project also uncovered a vulnerability in the UC Browser, which is owned by China’s Alibaba group. This vulnerability was already being exploited by another attacker, so the allies began passively collecting the data that was being transmitted by this independent attack.