Saturday, July 15, 2017

WikiLeaks Reveals CIA Tool Acting as SMS Proxy on Android

14 JUL 2017 NEWS


https://www.infosecurity-magazine.com/news/wikileaks-highrise-cia-android/

WikiLeaks has revealed details about HighRise, a tool allegedly developed by the US Central Intelligence Agency (CIA), which intercepts and redirects SMS messages to a remote web server through an Android application.

In other words, the malware can enable a CIA agent to access the message before it reaches its intended recipient.

The leaked manual comes from Vault 7, the codename given by WikiLeaks to documents it claims reveal a repertoire of hacking tools and capabilities that the CIA has used in the recent past.

According to WikiLeaks, HighRise acts as a proxy server for text messages. However, it is limited to devices on which the malware has been installed manually – meaning that the CIA would need physical access to the Android device to infect the handset.

The manual suggested that it only works on Android versions from 4.0 (Ice Cream Sandwich) to 4.3 (Jelly Bean) – although it could have been updated to work on more recent versions of the Android OS.

The HighRise tool is packaged inside an app called TideCheck. Once the CIA installs the app on the target’s device, they have to run it at least once, in order for it to work at all times – including when the phone is rebooted. The app starts when the phone is powered on, meaning that it can continue to run in the background and intercept text messages for longer than most other CIA malware, which disappeared after a restart.

According to the manual, CIA operatives have to enter the special code ‘inshallah’, which is the Arabic word for ‘God willing’, to access the app’s settings.

Once activated, the app gives the user three choices – they can return directly to the configuration to make changes, they can start the tool or they can send an SMS from the phone to a remote CIA server.

This is the first Vault 7 data dump to involve the Android OS; most of the other tools have been focused on Windows or Linux. This included Grasshopper, a builder for Windows malware, and Scribble, a beaconing system for Office documents. There has also been a tool geared to hack Samsung smart TVs, and a tool for hacking iPhones and Macs.

WikiLeaks claims that the CIA is, or has been, using many of these tools, but critics suggest that the documents are several years out of date and that WikiLeaks has overhyped their importance.



ALSO SEE

http://www.trunews.com/article/wikileaks-highrise-shows-cia-tool-to-redirect-texts
WikiLeaks #Highrise Shows CIA Tool to Redirect Texts

WikiLeaks has released documents showing an alleged CIA hacking tool called ‘Highrise’ which enables the redirection of SMS messages from Android mobile devices

(WASHINGTON, DC) An alleged CIA hacking tool allowing SMS messages to be redirected is the latest covert spy device unveiled by WikiLeaks.

Named ‘Highrise,’ the tool is the latest disclosed in a series of leaks named ‘Vault7,’ which WikiLeaks claims come from within the CIA.

Described in a statement from WikiLeaks as an Android application, ‘Highrise’ provides a redirector function for SMS messaging.

WikiLeaks claims this can be used by the CIA to communicate between implants and listening posts.

The release includes one 12-page document, a user guide for ‘Highrise’ credited to the CIA’s Information Operations Center. It’s described in the document as an Android application for mobile devices running Android 4.0 to 4.4.

Highrise’s features are described as including a communications channel between a field operator and a listening post and the ability to authenticate secure internet communications.

The application must be manually run once when first installed. Following a reboot it will then run automatically, according to the user guide. It appears as an app on the targeted device with the name TideCheck.

The password to install the app is “inshallah,” according to the docs, the Arabic-language translation of the expression “God willing.”

WikiLeaks has been releasing leaks from ‘Vault7’ since March, detailing hacking exploits it alleges came from within the CIA. Last week it released ‘Bothan Spy,’ detailing the ability to steal passwords and spy on data sent over networks.


==========================

https://fossbytes.com/highrise-malware-android-sms/
Highrise: How This CIA Malware Spies And Steals User Data Using SMS
July 14, 2017
==========================

https://www.youtube.com/watch?v=16OT3Tz2QXI
Wikileaks fingers CIA’s use of hacking tool ‘Highrise’


==========================

SEE RELATED

https://www.infosecurity-magazine.com/opinions/critical-takeaways-wikileaks-vault/
Critical Takeaways from WikiLeaks 'Vault 7' Release
NOTE THAT THIS OPINION IS BASED ON VAULT 7 RELEASES AS OF MARCH 2017

https://www.infosecurity-magazine.com/news-features/will-vault7-shake-infosec-like/
Will Vault7 Shake Infosec Like Snowden?
NOTE THAT THIS NEWS IS BASED ON VAULT 7 RELEASES AS OF MARCH 2017