New documents from whistleblower Edward Snowden reveal the NSA had a plan in place to use app stores from Google and Samsung to deliver malware to mobile devices.
Dubbed IRRITANT HORN, the plan was to seek out the path of web traffic to and from mobile application servers belonging to Google and Samsung. Once that path was found, the NSA would conduct a man-in-the-middle attack in which it could silently load a target’s mobile device with the spying tools of its choice from its extensive catalog, which includes tools to extract e-mails, texts, web search history, call records, videos, photos and more.
With the user connecting to an official app store, there would be no reason to suspect anything was up.
As you may know, most major companies – Google and Samsung included – utilize Transport Layer Security, or TLS, to protect against such attacks. However, many in the security community suspect the NSA long ago figured out how to circumvent TLS.
The latest Snowden documents are dated between November 2011 and February 2012. It’s unclear if the plan was ever implemented, although given that the slides are several years old at this point, I wouldn’t be surprised if they’re already using the attack or perhaps even a more sophisticated version.
Another possible point of entry was revealed back in February when it came to light that multiple spying agencies have had access to SIM card encryption keys for years.