WikiLeaks Releases Frightening Details of CIA’s Secret SMS Tracking Software
Thanks to WikiLeaks, we have more information about the CIA’s secret SMS tracking software.
The latest addition to WikiLeaks’ Vault 7 cache describes a CIA-controlled app capable of intercepting SMS messages sent and received via Android devices.
Vault 7 is WikiLeaks’ cache of CIA-related documents. Over the past year, Vault 7 has leaked details of some of the CIA’s most secretive tracking and monitoring programs.
The latest leak describes an SMS tracker called TideCheck. TideCheck uses a monitoring program called HighRise, which intercepts messages and then sends them to a server controlled by the CIA.
The app works by serving as an SMS proxy. Using that proxy, the CIA can intercept messages sent to and received from the target’s phone. The app is password-protected to prevent tinkering. Interestingly, the password for the app is “inshallah”.
The HighRise/TideCheck program cannot be installed remotely. CIA operatives need physical access to a phone to install the app.
Another restriction of the app is that it only works on Android versions 4.0 to 4.3. However, the WikiLeaks file dates back to 2013, so many believe the platform was updated to the latest version over time, before being abandoned after the release of Android 4.3. Android 4.3 was released in
The CIA Uses the App for SMS Tracking As Well As Secure Communication
Another interesting detail about the CIA’s SMS tracking software is that it’s not just used to spy on a target’s SMS messages. It’s also used as a secure communications channel for CIA operatives.
However, the main function of the app appears to be as an SMS tracking tool.
Here’s what WikiLeaks has to say about the SMS tool before introducing it:
“Today WikiLeaks publishes documents from the Highrise project of the CIA. HighRise is an Android application designed for mobile devices running Android 4.0 to 4.3. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts. HighRise acts as a SMS proxy that provides greater separation between devices in the field (“targets”) and the listening post (LP) by proxying “incoming” and “outgoing” SMS messages to an internet LP. Highrise provides a communications channel between the HighRise field operator and the LP with a TLS/SSL secured internet communication.”
You can view the full WikiLeaks documentation for the HighRise/TideCheck SMS tracking software here. The specific document leaked to WikiLeaks is a user guide for the software, which appears to be intended for distribution among CIA operatives.
The user guide, which is 12 pages long, describes exactly how to use the app and track SMS messages through the app. There’s even a “troubleshooting tips” section.
The main features of the app include:
- Redirect incoming SMS messages to an internet LP (listening post)
- Send outgoing SMS messages via the HighRise host for monitoring
- Provide a communications channel between the HighRise field operator and the LP
- Offer TLS/SSL secured internet communications
As you can see, the first three features are all related to using the messenger app as a tool for listening posts – i.e. the surveillance stations used by CIA operatives. The app can be used to intercept all messages sent and received over a device.
Ultimately, the CIA still needs physical access to a device to install the software. However, if the CIA had this software in the early 2010s, it makes us wonder what kind of SMS tracking software it uses today.