WikiLeaks: HighRise the CIA tool for SMS interception

HighRise: WikiLeaks today published the user manual of another CIA tool in the Vault 7 leak series.

The tool is called HighRise internally by the CIA, and it is an Android application for monitoring SMS messages and redirecting them to a remote server.

According to the leaked manual (PDF), HighRise works only on Android 4.0 to 4.3 (Ice Cream Sandwich and Jelly Bean), but since December 2013 the tool has probably been upgraded to support the newer Android versions released over the last four years.

The HighRise tool is also known as TideCheck

The actual HighRise tool is packaged in an application called TideCheck (tidecheck-2.0.apk, MD5: 05ed39b0f1e578986b1169537f0a66fe).
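The file name and MD5 above are the only concrete indicators the article gives. As an added example (not from the article or the leaked manual), the following Python scanner walks a directory of APKs pulled from a device, hashes each one, and flags files whose MD5 matches that indicator or whose name carries the TideCheck packaging; the `demo_scan` helper runs it over a constructed sample tree rather than real malware.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicator reported in the article: the HighRise payload ships as
# tidecheck-2.0.apk with MD5 05ed39b0f1e578986b1169537f0a66fe.
HIGHRISE_IOCS = {
    "05ed39b0f1e578986b1169537f0a66fe": "tidecheck-2.0.apk (HighRise/TideCheck)",
}


def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha256) hex digests of a file, hashed in streaming chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def scan_apks(root, iocs=HIGHRISE_IOCS):
    """Walk `root` for .apk files and return one dict per suspicious file.
    A file is flagged when its MD5 is in `iocs` or its name contains 'tidecheck'."""
    hits = []
    for path in sorted(Path(root).rglob("*.apk")):
        md5, sha256 = file_digests(path)
        reasons = []
        if md5 in iocs:
            reasons.append("md5 matches " + iocs[md5])
        if "tidecheck" in path.name.lower():
            reasons.append("file name matches the TideCheck packaging")
        if reasons:
            hits.append({"path": str(path), "md5": md5, "sha256": sha256, "reasons": reasons})
    return hits


def demo_scan():
    """Run the scanner over a constructed sample tree (not real malware):
    one file matching by name, one matching by hash, one benign."""
    root = Path(tempfile.mkdtemp())
    (root / "tidecheck-2.0.apk").write_bytes(b"constructed sample, not the real APK")
    hashed = root / "renamed.apk"
    hashed.write_bytes(b"another constructed sample")
    (root / "benign.apk").write_bytes(b"nothing to see here")
    # Register the constructed file's own MD5 so the hash path is exercised too.
    iocs = dict(HIGHRISE_IOCS)
    iocs[file_digests(hashed)[0]] = "constructed hash indicator"
    return scan_apks(root, iocs)


if __name__ == "__main__":
    for hit in demo_scan():
        print(hit["path"], hit["md5"], "; ".join(hit["reasons"]))
```

On a real device the APK paths come from `adb shell pm list packages -f` and the files from `adb pull`; point `scan_apks` at the directory you pulled them into.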

The tool was not designed for social engineering attacks: CIA agents must install the application on the victim's device themselves and then run it manually, at least the first time.

When launching the tool for the first time, CIA agents will need to enter a special code to access its settings. This default code is the word "inshallah" (Arabic word meaning "the will of God").

Once the code is entered, the tool reveals a three-button management panel: the first button launches the tool, the second displays and edits the tool's configuration file, and the third lets the operator send an SMS from the phone to a remote CIA server.

According to the HighRise manual, the main features of the tool are the following:

  • Send a copy of all incoming SMS messages to a server on the Internet that is controlled by the CIA.
  • Send SMS messages from the victim's smartphone.
  • A communication channel between the HighRise operator and the LP (listening post).
  • TLS / SSL secure internet communications.

Judging by the last two features, HighRise is not necessarily a tool meant for a single target phone, but an application that can be installed on CIA employees' phones to provide a secondary, encrypted communication channel between employees and their superiors.

As a reminder, WikiLeaks has been releasing documents in the Vault 7 series since 7 March 2017, exposing more and more CIA tools:

  • Year Zero: CIA exploits for popular hardware and software.
  • Weeping Angel: the spy tool the agency uses to infiltrate televisions, turning them into covert microphones.
  • Dark Matter: exploits targeting iPhones and Macs.
  • Marble: the source code of a secret anti-forensic framework, essentially an obfuscator the CIA uses to hide the real origin of its malware.
  • Grasshopper: a framework that lets the agency easily build custom malware to compromise Microsoft Windows and bypass antivirus protection.
  • Archimedes: a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
  • Scribbles: software designed to add "web beacons" to classified documents so that the agency can track leaks.
  • Athena: designed to take full control of infected Windows computers, letting the CIA perform many actions on the target machine, such as deleting data, installing malware, and stealing data and sending it to CIA servers.
  • CherryBlossom: a tool that monitors a target's internet activity, redirects traffic, collects email addresses and phone numbers, and more, through the router.
  • Brutal Kangaroo: a tool that can be used to infect air-gapped computers with malware.
  • ELSA: Windows malware the CIA uses to identify the location of a particular user through his computer's Wi-Fi.
  • OutlawCountry: Linux malware the CIA uses to determine the location of a particular user through the computer's Wi-Fi.
  • BothanSpy and Gyrfalcon: for stealing SSH credentials from Windows and Linux respectively.
  • HighRise: the CIA tool for tracking and redirecting SMS messages to a remote server.

iGuRu.gr


Written by giorgos
