Experts On Iranian Hackers Can Now Beat Encrypted Apps

Iranian hackers, most likely employees or affiliates of the government, have been running a vast cyberespionage operation equipped with surveillance tools that can outsmart encrypted messaging systems — a capability Iran was not previously known to possess, according to two digital security reports released Friday. The operation not only targets domestic dissidents, religious and ethnic minorities and antigovernment activists abroad, but can also be used to spy on the general public inside Iran, said the reports by Check Point Software Technologies, a cybersecurity technology firm, and the Miaan Group, a human rights organization that focuses on digital security in the Middle East.

More information: https://www.nytimes.com/2020/09/18/world/middleeast/iran-hacking-encryption.html?auth=login-email&login=ema

2 Expert Comments
Chris Hauk, Consumer Privacy Champion
InfoSec Expert
September 21, 2020 4:43 pm

While the hackers were apparently able to infect devices with malware to steal two-factor authentication (2FA) codes received by text, from what I can tell, they weren’t able to decrypt messages in Telegram and WhatsApp. Unfortunately, app developers and services cannot prevent bad actors from cloning apps to steal information such as 2FA codes.

Paul Bischoff, Privacy Advocate
InfoSec Expert
September 21, 2020 4:26 pm

The attacks described in Check Point’s report are both sophisticated and multi-faceted. Security and privacy experts, including myself, have recommended WhatsApp and Telegram to people who want to protect their communications. But these apps can do little to prevent users from installing malware or falling for phishing schemes that compromise their devices in other ways.

Additionally, features that make Telegram and WhatsApp more convenient might also be making them less secure. The ability to sync messages between devices or move an account from one device to another is certainly user friendly, but it could also allow hackers to spoof accounts and steal messages as described in Check Point’s report.

Keeping devices malware-free should be a top priority for Iranian dissidents. They should also consider a more secure messaging app like Signal.
