WikiLeaks publishes Vault 7: Highrise tool for Android devices

WikiLeaks Thursday published the manual of another CIA hacking tool “Highrise,” aka “TideCheck,” which is used to intercept and redirect text messages to a remote web server.

The manual, dated Dec. 16, 2013, was part of the Vault 7 leak series. The tool was designed to work on mobile devices running Android 4.0 to 4.3, though it has likely been updated to work on more recent versions.

Features at a glance include proxying “incoming” SMS messages received by the HighRise host to an internet LP, sending “outgoing” SMS messages via the HighRise host, providing a communications channel between the HighRise field operator and the LP, and TLS/SSL-secured internet communications.

The last two features suggest Highrise isn't a tool for installing on a target's phone but rather an app that can be installed on the phones of CIA field operatives to provide a secondary, encrypted communications channel between operatives and supervisors, Bleeping Computer researchers said.

When starting the tool for the first time, CIA operatives must enter the special code "inshallah," the Arabic word for "God willing," in order to access its settings. Agents are then given the options to Initialize, Show Configuration, or Send Messages.
