As part of the Vault 7 series of disclosures, WikiLeaks has released documents related to a secret CIA project known as HighRise. HighRise is an SMS proxy tool hidden within an Android application known as TideCheck. HighRise works on Android devices only, for versions 4.0 to 4.3, and not on earlier versions of the operating system. However, the HighRise version number in the documents is 2.0, which seems to indicate that earlier versions of the tool could work on earlier versions of Android.

Unlike most of the other tools released as part of the Vault 7 disclosures, HighRise is not easy to install on a target device for covert surveillance purposes. Agents have to manually activate TideCheck, the application containing HighRise, once. Operatives had to navigate to a URL to download the software onto the device. The URL no longer works. The MD5 checksum for the APK is 05ed39b0f1e578986b1169537f0a66fe.

A password has to be keyed into the software to make it start working; this password was “inshallah”. The operative then has to initialise the tool so that it persistently starts up at boot. The tool can proxy incoming messages received by HighRise to a listening post on the internet, and outgoing messages can be sent directly from HighRise. The tool provides a communication channel between the field operator and the listening post, using TLS/SSL-secured internet connections.

Publish date: July 13, 2017 7:06 pm | Modified date: July 13, 2017 7:06 pm
