Iranian hackers, most likely employees or affiliates of the government, have been running a vast cyberespionage operation equipped with surveillance tools that can outsmart encrypted messaging systems — a capability Iran was not previously known to possess, according to two digital security reports released Friday. The operation not only targets domestic dissidents, religious and ethnic minorities and antigovernment activists abroad, but can also be used to spy on the general public inside Iran, said the reports by Check Point Software Technologies, a cybersecurity technology firm, and the Miaan Group, a human rights organization that focuses on digital security in the Middle East.
More information: https://www.nytimes.com/2020/09/18/world/middleeast/iran-hacking-encryption.html?auth=login-email&login=ema
While the hackers were apparently able to infect devices with malware to steal two-factor authentication (2FA) codes received by text, from what I can tell, they weren't able to decrypt messages in Telegram and WhatsApp. Unfortunately, app developers and services cannot prevent bad actors from cloning apps to steal information such as 2FA codes.
The attacks described in Check Point's report are both sophisticated and multi-faceted. Security and privacy experts, including myself, have recommended WhatsApp and Telegram to people who want to protect their communications. But these apps can do little to prevent users from installing malware or falling for phishing schemes that compromise their devices in other ways.
Additionally, features that make Telegram and WhatsApp more convenient might also be making them less secure. The ability to sync messages between devices or move an account from one device to another is certainly user friendly, but it could also allow hackers to spoof accounts and steal messages as described in Check Point's report.
Keeping devices malware-free should be a top priority for Iranian dissidents. They should also consider a more secure messaging app like Signal.