Vault 7: new WikiLeaks dump details Android SMS snooping malware – Naked Security

Since launching its Vault 7 project in March, WikiLeaks has dumped documents outlining the CIA's efforts to exploit Microsoft and Apple technology. In this week's latest release, it focuses on malware called HighRise, which the agency used to target Android devices.

WikiLeaks describes HighRise this way on its website:

HighRise is an Android application designed for mobile devices running Android 4.0 to 4.3. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts. HighRise acts as an SMS proxy that provides greater separation between devices in the field (targets) and the listening post (LP) by proxying incoming and outgoing SMS messages to an internet LP. HighRise provides a communications channel between the HighRise field operator and the LP with a TLS/SSL secured internet communication.

HighRise has to be installed manually on a target's phone, and it has to be set up manually, according to the 12-page HighRise user guide dated December 16, 2013. Once the APK is installed on the targeted device, an application named TideCheck appears in the list of apps on the device.

TideCheck houses HighRise, and the agent must open the app to start the process. It then runs a special code once the word "inshallah" ("God willing" in Arabic) is entered into a text box disguised to look like it's asking for an activation code for the app. Once the code is entered, the agent taps into the app's settings.

After initial installation, HighRise runs in the background and automatically activates whenever the phone is turned on. The app continuously intercepts texts.
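As an added illustration (not from the article or the leaked documents), the following Python triage script checks an Android manifest for the combination of capabilities the HighRise description implies: SMS access, network access and start-at-boot. Both manifests in the block are constructed samples, and the function names are my own.

```python
"""Heuristic triage of an AndroidManifest.xml for the HighRise-style profile:
intercept SMS, start at boot, talk to the internet. Sample manifests are constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities that, taken together, match an SMS proxy/redirector profile.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}
NET_PERM = "android.permission.INTERNET"
BOOT_PERM = "android.permission.RECEIVE_BOOT_COMPLETED"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"


def manifest_indicators(manifest_xml: str) -> dict:
    """Return which redirector traits the manifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    actions = {el.get(ANDROID_NS + "name") for el in root.iter("action")}
    return {
        "sms_permission": bool(perms & SMS_PERMS),
        "sms_receiver": SMS_ACTION in actions,     # sees every incoming text
        "internet": NET_PERM in perms,             # can forward to an internet LP
        "boot_start": BOOT_PERM in perms or BOOT_ACTION in actions,
    }


def looks_like_sms_redirector(manifest_xml: str) -> bool:
    """Flag only the full combination: SMS access + network + autostart."""
    ind = manifest_indicators(manifest_xml)
    return (ind["sms_permission"] or ind["sms_receiver"]) and ind["internet"] and ind["boot_start"]


# Constructed sample manifests (not real app code).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".SmsRx">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""
```

Such a check is a triage signal, not proof: legitimate messaging apps declare the same permissions, so a hit only says the app is worth a closer look.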

It's a powerful spying tool, but it has limits. For one thing, it must be installed onto a device manually and not remotely. The agent must have physical contact with the victim's device to infect it.

It's unclear if the CIA still uses HighRise.

This latest leak comes nearly a month after WikiLeaks' last dump, from a project dubbed Cherry Blossom (WikiLeaks variously writes both "Cherry Blossom" and "CherryBlossom", but the leaked documents routinely refer to "Cherry Blossom", or "CB" for short, if you're a stickler for precision).

In the words of its own Quick Start Guide, the CB project focused on internet surveillance:

The Cherry Blossom (CB) system provides a means of monitoring the internet activity of and performing software exploits on targets of interest. In particular, CB is focused on compromising wireless networking devices, such as wireless (802.11) routers and access points (APs), to achieve these goals.

Such leaks raise concerns that other attackers will use the tools for their own campaigns. We've already seen that happen with the recent WannaCry and Petya outbreaks, which made use of NSA tools dumped by the Shadow Brokers hacking group. When the Vault 7 dumps began, we asked security experts if there were any silver linings for the good guys.

Eric Cowperthwaite, former VP of strategy for Core Security and now director of managed risk services for Edgile, said at the time that he was conflicted on that question.

He brought up the case of Chelsea Manning, a United States Army soldier convicted by court-martial in 2013 for violating the Espionage Act and other offenses, after giving WikiLeaks thousands of classified and/or sensitive military and diplomatic documents:

There is good and bad in this. We know that some of the Manning leaks had impacts on military operations. That was part of Manning's trial. I also found it interesting that WikiLeaks alleges that the US intelligence community has a problem keeping its cyberwar tools off the black market. And if the CIA, NSA, etc. can't keep these things under control, that is something that citizens should know.

It's worth noting that this is a tool for older, outdated versions of Android (4.0 to 4.3), and there's no way of knowing if there's a more current version that works with updated iterations of the mobile operating system. At Naked Security, we'll be keeping our ear to the ground.
