A top secret document leaked from National Security Agency whistleblower, Edward Snowden, was published earlier this week by CBC News in conjunction with The Intercept, showing a number of tactics that the “five eyes” security agencies would use in order to monitor the population. The five eyes alliance – the United States of America, Canada, the United Kingdom, New Zealand and Australia – had a project designed to essentially use man-in-the-middle attacks between customer devices and either the Google or Samsung app stores. As such, the security agencies were planning on exploiting the smartphone for surveillance purposes. The plans involved developing a method to hijack users’ connections to the respective application stores and interfere in the process by sending malicious code to targeted devices. These implanted applications could be used to collect data from the handset without the user noticing.
We have already seen from Edward Snowden’s files that the five eyes alliance had already designed spyware for iOS and Android smartphones, which allow them to infect target devices and so steal email, texts, browser history, call records, media and other files stored on the device. However, until now we had seen no evidence as to how the security agencies were going to manage to influence devices. The report details how the agencies also wanted to use the hijacked handsets as a way of sending “selective misinformation to the targets’ handsets” as part of operations designed to spread propaganda or confusion.
Another section in the report detailed the security and privacy vulnerabilities in the UC Browser, one of the most popular mobile browsers in Asia with around half a billion users. It appears that the agencies discovered a security weakness in these browsers that leaked personally identifiable information about the handsets. The report documents how the five eyes agencies discovered a communication channel linked to a foreign military unit believed to be involved in covert activities in Western countries. Citizen Lab, a human rights and technology research group, assessed the Android version of the UC Browser for CBC News and identified “major security and privacy issues,” advising the US Group about this in April. UC Group have released an update to the application designed to stem the data leak.