NSA And GCHQ Spy On Targets Using Leaky Mobile Apps

US and UK intelligence agencies are exploiting data leakage flaws in popular mobile apps such as Birds and Google Maps to gain information on targets, according to fresh Edward Snowden leaks.

One project was so successful it meant “anyone using Google Maps on a smartphone is working in support of a GCHQ system”. Certain exploits allowed agents to power up devices that had been switched off, whilst others allowed them to listen in on conversations.

The NSA said it would only use such techniques against valid targets, saying it focused “only those communications that we are authorised by law to collect for valid foreign intelligence and counterintelligence purposes”.

Other methods exploited code deployed by advertising networks. One of those ad networks, Millennial Media, was said to be working with Angry Birds creator Rovio, which said it did not work with the intelligence agencies and knew nothing of the snooping, according to the Guardian.

Angry Birds was specifically cited in one GCHQ document detailing ways to attack mobile apps.

Mobile app weaknesses

Intelligence agencies could exploit a host of vulnerabilities in the world’s most popular mobile apps, which have been uncovered over the last year. FireEye and MWR InfoSecurity researchers have revealed flaws opened up by ad networks, including Millennial and another big player, InMobi.

Both have libraries that appear in many of the world’s most popular free applications and include  a JavaScript interface. This lets the ad networks learn more about users or carry out actions on a user device, such as taking pictures or turning on microphones. In theory this is by consent of the user, but if done over HTTP not encrypted HTTPS, it can be exploited by outside hackers.

Earlier this month, FireEye said at least 47 percent of the top 40 ad libraries have one or more versions of their code in active use by popular apps on Google Play containing such weaknesses.

Exploiting these weaknesses has now become incredibly easy, as frameworks like the massively popular Metasploit hacking tool have made it possible to carry out attacks by simply clicking a few buttons.

“The NSA has some very clever people working for them in an offensive capacity, it would be naive to believe that they aren’t capable of finding the same vulnerabilities, exploiting them and/or weaponsing them,” David Hartley, from MWR InfoSecurity, told TechWeekEurope.

“When I presented my research I did find that games such as Angry birds were vulnerable to the addJavascriptInterface issue. Lots of popular games are/were, Tetris, Fruit Ninja, etc.”

Redaction controversy

Meanwhile, the Guardian and other papers involved in the Edward Snowden leaks have faced criticism for not properly redacting information on the documents made public yesterday. It was simple to reveal the blacked-out information by copying and pasting it into another file and changing formatting.

The documents placed online have now had information properly redacted, but it is believed a US agent’s name is now out in the open, along with other sensitive information.

A separate leak, published by NBC News, showed how spies tapped into networks to gain an insight into people’s social media and YouTube activity, without gaining permission from the tech companies running those services.

Nothing’s secret in our Snowden quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago