Vault 7: CIA’s HighRise malware spies on SMS communication

WikiLeaks released documentation on another Vault 7 hacking tool used by the CIA for large cyber-espionage operations.

Dated December 2013, the 12-page document describes an Android malware, internally known as HighRise, hidden in an application named TideCheck.

HighRise runs on Android versions 4.0 to 4.3 with a “redirector function for SMS messaging” to a remote CIA server.

According to the document, the malware has the following features:

  • Proxy “incoming” SMS messages received by HighRise host to an internet LP
  • Send “outgoing” SMS messages via the HighRise host
  • Provide a communications channel between the HighRise field operator & the LP
  • TLS/SSL secured internet communications

The application has to be manually downloaded, installed and activated by CIA agents on the victim’s phone, an unusual and cumbersome scenario, since most intrusions rely on social engineering rather than physical access. This implies that agents need physical access to the device, where they must enter the activation code “inshallah,” Arabic for “God willing.”

The manual doesn’t say why this specific word and language were chosen. Once activated, the program runs in the background and intercepts all SMS communication.

Since the document dates from 2013, four years before its release, the tool may have been updated to run on newer Android versions.
