
WikiLeaks Reveals CIA Tool Acting as SMS Proxy on Android

WikiLeaks has revealed details about HighRise, a tool allegedly developed by the US Central Intelligence Agency (CIA), which intercepts and redirects SMS messages to a remote web server through an Android application.

In other words, the malware can enable a CIA agent to access the message before it reaches its intended recipient.

The leaked manual comes from Vault 7, the codename given by WikiLeaks to documents it claims reveal a repertoire of hacking tools and capabilities that the CIA has used in the recent past.

According to WikiLeaks, HighRise acts as a proxy server for text messages. However, it is limited to devices on which the malware has been installed manually – meaning that the CIA would need physical access to the Android device to infect the handset.

The manual suggested that it only works on Android versions from 4.0 (Ice Cream Sandwich) to 4.3 (Jelly Bean) – although it could have been updated to work on more recent versions of the Android OS.

The HighRise tool is packaged inside an app called TideCheck. Once the CIA installs the app on the target’s device, they have to run it at least once in order for it to work at all times – including after the phone is rebooted. The app starts when the phone is powered on, meaning that it can continue to run in the background and intercept text messages for longer than most other CIA malware, which disappears after a restart.

According to the manual, CIA operatives have to enter the special code ‘inshallah’, the Arabic word for ‘God willing’, to access the app’s settings.

Once activated, the app gives the user three choices – they can return directly to the configuration to make changes, they can start the tool or they can send an SMS from the phone to a remote CIA server.
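As an added defender-side example (not from the article or the leaked manual), the function below reads a decoded, text-form AndroidManifest.xml (as produced by apktool, for instance) and flags the trait combination described above: a receiver for incoming SMS, a receiver that fires at boot, and network access. The manifest, package name and receiver name are constructed; the priority comment reflects the ordered SMS broadcast on Android releases before 4.4, which matches the 4.0 to 4.3 range the manual gives.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
BOOT_COMPLETED = "android.intent.action.BOOT_COMPLETED"

# Constructed manifest for a hypothetical app (not TideCheck's real manifest).
# It declares the three traits the article describes: receiving SMS,
# starting at boot, and talking to the network.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.tidewidget">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".Watcher">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def assess_manifest(xml_text):
    """Return the sorted list of SMS-proxy traits declared in a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    traits = set()
    for recv in root.iter("receiver"):
        for filt in recv.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in filt.iter("action")}
            prio = int(filt.get(ANDROID_NS + "priority", "0"))
            if SMS_RECEIVED in actions and "android.permission.RECEIVE_SMS" in perms:
                traits.add("sms-receiver")
                # Before Android 4.4 the SMS broadcast is ordered: a receiver with a
                # higher priority than the messaging app sees each message first,
                # which is the property an SMS proxy depends on.
                if prio > 0:
                    traits.add("sms-receiver-high-priority")
            if BOOT_COMPLETED in actions and "android.permission.RECEIVE_BOOT_COMPLETED" in perms:
                traits.add("boot-persistence")
    if "android.permission.INTERNET" in perms:
        traits.add("network-egress")
    return sorted(traits)

def is_sms_proxy_candidate(xml_text):
    """True when an app combines SMS interception, boot persistence and egress."""
    return {"sms-receiver", "boot-persistence", "network-egress"} <= set(assess_manifest(xml_text))
```

A hit is a triage signal for manual review, not proof of malice: legitimate messaging and two-factor apps can declare the same combination.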

This is the first Vault 7 data dump to involve the Android OS; most of the other tools have been focused on Windows or Linux. These included Grasshopper, a builder for Windows malware, and Scribble, a beaconing system for Office documents. There has also been a tool geared to hack Samsung smart TVs, and a tool for hacking iPhones and Macs.

WikiLeaks claims that the CIA is, or has been, using many of these tools, but critics suggest that the documents are several years out of date and that WikiLeaks has overhyped their importance.
