By Alex Diaz, ,
Published February 21, 2018
Millions of smartphone users in the United States, and around the world, are vulnerable to being spied-on by the Iranian government, according to a new report. And apparently all it takes is downloading the wrong app.
The report, "Iran: Cyber Repression," was recently published by the National Council of Resistance of Iran (NCRI), considered to be the nation’s largest opposition group. NCRI researchers allege in this new investigation that there are not only hundreds of smartphone apps currently being used by the Iranian regime to spy on its own citizens, some of them are available to users around the world via online marketplaces like Apple's App Store, Google Play and GitHub.com.
"The Iranian regime is currently hard at work to test the success of these apps on the people of Iran first," said Alireza Jafarzadeh, the deputy director of the NCRI’s Washington office. “If not confronted, its next victims will be the people of other nations," Jafarzadeh added, noting that the Iranian intel unit responsible for this alleged surveillance is the same group tasked with cyberwarfare against the West.
Multiple attempts to reach officials at Apple and Google were unsuccessful, but media reports suggest Google has launched an investigation into the claims. A quick scan of the Apple Newsroom and the Google Security Blog reveals zero recent posts about the allegations.
A GitHub representative pointed us to their company policy on malware, which suggests they "do not allow anyone to use our platform for exploit delivery, such as using GitHub as a means to deliver malicious executables." While the policy prohibits anyone from using the GitHub platform to distribute apps with malicious code, GitHub goes on to state that the company does not "prohibit the posting of source code which could be used to develop malware or exploits, as the publication and distribution of such source code has educational value and provides a net benefit to the security community."
Apple guidelines state that developers should not "include any hidden or undocumented features in your app." Likewise, Google policies suggest "[apps] that are deceptive, malicious, or intended to abuse or misuse any network, device, or personal data are strictly prohibited."
The NCRI report lists a handful of supposedly problematic apps that are available outside of Iran, despite these alleged connections to Iranian intelligence. The list includes Mobogram, Telegram Farsi and Telegram Black. Fox was able to confirm that most, if not all, are indeed still available for download.
According to the report, these apps are referred to as "fork" versions of the popular messaging app, Telegram. In this case, the term "fork" is used to describe programs that are essentially unofficial copies of other officially-licensed programs.
Many of these “forks” were designed to appeal to users looking for a messenger service that allows them to communicate in Farsi, a feature that isn’t always supported by standard messaging apps, including Telegram. That’s not the function that has the NCRI concerned, however, as they claim these apps can do everything from sending a text, to recording audio, and even taking your picture for surveillance purposes.
Furthermore, the NCRI argues that some of the companies behind these copycat apps, like Hanista (the developer of Mobogram), are nothing more than "front companies" for the Islamic Revolutionary Guard Corps. Attempts to reach Hanista were unsuccessful.
It is estimated that some 40 million people in Iran were using the official Telegram app as a series of deadly protests broke out at the end of 2017, and the beginning of 2018. The apps have become popular because people outside of Iran are able to communicate with their family and friends, and because domestic users are able to evade government crackdowns on the internet.
Fox News' Eric Shawn was able to communicate with Iranian protesters during the December/January unrest using a smartphone app, allowing citizens there to speak with western media about their opposition to the regime - and their support for the United States - without fear of retaliation.
Use of the Telegram app was banned during those protests, and the NCRI report suggests Iran's apparent cyber-spying efforts spiked shortly after. Thousands of people were arrested during the protest period, and the NCRI suggests some of them were presented with the option “to leave the Telegram environment and enter the controlled environment of Mobogram” before being released by authorities.
In July 2017, Pavel Durov, founder and CEO of Telegram, suggested on Twitter that "Mobogram is an outdated and potentially insecure fork of Telegram from Iran. I don't advise to use it." A few years earlier, in 2015, Durov suggested on Twitter that Iranian officials had wanted “to use @telegram to spy on their citizens.
“We can not and will not help them with that," he wrote.