On Thursday, July 13, WikiLeaks released a new CIA tool as part of its Vault 7 publication. This time, the application targets smartphones running Android versions 4.0 through 4.3. The application works as an SMS proxy by providing a redirector function for SMS messages. The app forwards incoming and outgoing messages over a secured communications channel to a designated Listening Post (LP). According to the CIA document on WikiLeaks, the goal is “to provide a greater degree of separation between the devices in the field (“targets”) and the listening post.”
The application must be installed manually on the target device and will run automatically in the background on the next reboot. To install the application, the agent opens the smartphone’s browser and navigates to a website containing the HighRise application. Once it has downloaded, the agent only needs to tap the application file, tidecheck-2.0.apk, in the downloads folder and tap “OK” to begin the installation. The application will appear on the device as an installed app under the name TideCheck. To initialize HighRise, the operator taps the TideCheck app, which displays a prompt for a secret code. Once the code is entered, the agent only needs to tap the Initialize button.
For the application to work, the smartphone must be running Android versions 4.0 through 4.3. Furthermore, the smartphone must have SMS capabilities and an internet connection. The application uses a TLS/SSL-secured communications channel between the Operator and the Listening Post. Features of the application include proxying incoming messages received by HighRise to an internet Listening Post (LP). Similarly, the application uses the HighRise host to proxy outgoing messages.
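For defenders reviewing a device or fleet inventory, the following added example (not code from WikiLeaks or the CIA document) flags apps that match the names given above or that combine the behaviours described: sideloaded, SMS access, internet access and start at boot. The inventory format, the package names and the mapping from those behaviours to Android permissions are assumptions made for illustration.

```python
# Added example (not from the CIA document): triage an app inventory for the
# behaviour profile the article describes. Inventory records are constructed.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"}
NET = "android.permission.INTERNET"
BOOT = "android.permission.RECEIVE_BOOT_COMPLETED"
KNOWN_LABELS = {"tidecheck"}            # app name given in the article
KNOWN_FILES = {"tidecheck-2.0.apk"}     # APK file name given in the article
STORE_INSTALLERS = {"com.android.vending"}  # Google Play; anything else = sideloaded

def device_in_range(sdk_int):
    """Android 4.0 through 4.3 corresponds to API levels 14 through 18."""
    return 14 <= sdk_int <= 18

def triage(inventory):
    """Map package name -> list of reasons it deserves a closer look."""
    findings = {}
    for app in inventory:
        perms = set(app.get("permissions", []))
        reasons = []
        if app.get("label", "").lower() in KNOWN_LABELS:
            reasons.append("label matches TideCheck")
        if app.get("apk_file", "").lower() in KNOWN_FILES:
            reasons.append("APK file name matches tidecheck-2.0.apk")
        # Assumption: an SMS relay needs SMS + internet + boot permissions.
        relay = SMS_PERMS <= perms and NET in perms and BOOT in perms
        if relay and app.get("installer") not in STORE_INSTALLERS:
            reasons.append("sideloaded app with SMS relay permission profile")
        if reasons:
            findings[app["package"]] = reasons
    return findings

ALL = sorted(SMS_PERMS | {NET, BOOT})
SAMPLE_INVENTORY = [  # constructed records; package names are hypothetical
    {"package": "com.example.tides", "label": "TideCheck",
     "apk_file": "tidecheck-2.0.apk", "installer": None, "permissions": ALL},
    {"package": "com.example.messenger", "label": "Messenger",
     "installer": "com.android.vending", "permissions": ALL},
    {"package": "com.example.relay", "label": "Sync Helper",
     "installer": None, "permissions": ALL},
    {"package": "com.example.notes", "label": "Notes",
     "installer": None, "permissions": [NET]},
]

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_INVENTORY).items():
        print(pkg, "->", "; ".join(reasons))
```

A permission-profile hit is a prompt for manual review, not proof of compromise, since legitimate sideloaded messaging apps can request the same set.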