It’s been months since angry Iranians took to the streets to oppose the regime, and protests are still raging. So far, authorities have responded with ruthless repression, both online and offline.
Rising levels of violence (especially against women), hundreds of suspicious arrests, death sentences quickly turning into executions: this is what protesters face every day.
Nevertheless, they took precautions. VPN downloads, for example, have skyrocketed since the riots began, as a way to protect anonymity and circumvent censorship. And yet it seemed that the officers were always able to easily intercept their communications and follow their movements.
A recent investigation revealing details about Iran’s mobile surveillance rules may explain why this is happening. A series of internal emails and documents were first leaked to the American non-profit news organization The Intercept and then reviewed by experts at the Canadian Citizen Lab.
While this evidence does not include contracts, it still provides insight into the intentions of the Iranian government to build an unprecedented mobile surveillance system. Even worse, perhaps it also shows how some international private companies are willing to make money despite the harm to the human rights of the Iranian people.
The Iranian authorities operate a very unusual and long-range mobile surveillance system which they intend to develop and expand; aspirations to reach the activities of all mobile operators in the country… pic.twitter.com/EYQDYZrBGd (January 16, 2023)
Iranian mobile interception system
“We have seen other systems, such as those used in areas such as Russia and China, engage in blocking mobile devices. But I think Iran is very unique in that it has very tight control and oversight,” Gary Miller, a mobile security researcher at Citizen Lab, told TechRadar.
Miller led the main investigation and study of the Iranian intercept system, analyzing technical aspects revealed in communications between Iranian Mobile Virtual Network Operators (MVNOs) and Iran’s Communications Regulatory Authority (CRA) with a number of foreign vendors.
What he and his research team discovered was an extremely rare mobile interception system that, if fully implemented, would enable authorities to “directly monitor, intercept, redirect, degrade or reject all Iranian mobile communications.”
The entire infrastructure consists of various components that fit together to form the perfect surveillance puzzle.
The Legal capture system is the main part of it, responsible for both spying on users and controlling their actions. At its core is the so-called SIAM: web-based software used by every mobile service provider in Iran, providing the CRA with a series of commands to remotely manipulate mobile connections while monitoring usage details.
SIAM can throttle a phone’s data speed, for example by downgrading its connection to an unsecured 2G network.
It also allows authorities to track a great deal of user data, such as real-time physical locations and history, and the Wi-Fi networks and IP addresses from which people connect to the internet. Other commands may even prevent users from answering or making calls.
Such a system is enhanced by a component that alerts the CRA to any changes in the status of active SIM cards, allowing authorities to prevent users from having more than one active account with different providers, along with an interface that collects voice and message data.
“The most disturbing fact is that they can not only monitor, which is part of a normal lawful interception activity, but actually manipulate communications,” Miller told TechRadar.
“This is more than mere observation. This is absolute control over Iran’s mobile network infrastructure. All mobile network operators must adhere to this and must integrate system commands directly.”
It therefore appears that the Iranian government has all the means to quell future protests, using them to enforce restrictions and, most worryingly, to persecute dissidents. While the reviewed evidence cannot confirm that all of these capabilities actually exist, Miller believes it would be really hard to assume the opposite.
“We know they have suspended mobile services. We know that journalists and citizens have been captured,” he said. “The way Iran works, they don’t require anything unless they use it.”
It is worth noting that every government in the world allows law enforcement, to some extent, to legally intercept citizens’ mobile communications, even in democracies. However, these operations must generally be approved by the court system. There is no indication of such a legal process here.
“I think what makes it so scary is that they [Iranian authorities] could do what they wanted,” said Miller.
As already mentioned, the leaked correspondence also revealed the involvement of some foreign suppliers in supporting such dystopian infrastructure. More specifically, British satellite communications consultancy Telinsol appears to have been dealing on behalf of Iranian MVNO Ariantel. The company has denied any involvement.
It appears that PROTEI, an international provider of telecommunications systems operating in Russia, has spoken to Ariantel about the possibility of its team flying to Iran for training.
An email exchange with Canadian mobile services retailer PortaOne related to the potential sale of platform management software. The company first denied such allegations but then admitted the deal was put on hold after further review, Citizen Lab reported.
As experts note, corporate entities have an obligation to prevent or mitigate the negative impact on human rights associated with their activities. But, as Miller said, “The evidence we’ve seen shows that they tried to market their products being very conscious of the requirements.”
What threatens the Iranians?
Whether or not Iran’s mobile espionage handbook is ready, it seems that the authorities have both the resources and intentions to carefully control what citizens do with their smartphones.
The stakes for Iranians are extremely high, especially given the ongoing wave of protests. According to the latest daily stats from the US Human Rights Activists Information Agency (HRANA), more than 14,700 prison sentences have been handed down since September last year. Four protesters were executed and more than a hundred are thought to face the same fate.
These numbers are alarming, especially because, although VPN use has skyrocketed among citizens, experts believe that over-reliance on such security software on mobile devices could do more harm than good in these circumstances. This is compounded by the fact that authorities are actively looking for suspicious encrypted traffic as part of a harsh crackdown on VPN services.
“They obviously want to monitor communications, and a VPN is a workaround method to prevent this type of activity,” Miller explained.
“However, we also know that some people have been questioned because they use a VPN. The only way you can determine this is by looking at the data traffic and legal interception infrastructure that allows them to specifically identify VPN users.”
This is something that Amir Rashidi, an expert on internet security and digital rights focused on Iran, also brought to the attention of The Intercept. “The government can easily identify the IP addresses used by a particular VPN provider, pass the addresses to that location feature, and then see where the people using that VPN are,” he said.
So what can Iranians do to best secure their communications?
According to Miller, the best way to do this is to use an encrypted messaging app like Signal, where you can enable the disappearing messages option. This means that even if authorities gain access to the app, there will be no records of potentially incriminating past conversations.
Another important step is to download reliable mobile antivirus software, as there is evidence that users are being targeted by malware, Miller added, most likely to compromise even more data about them.
He also suggests, yes, using a VPN, but doing so strategically. This means not keeping the software running all the time, to avoid raising the alarm with the Iranian authorities. Moreover, protesters should also consider turning off their phones completely while attending a rally.
“Just be aware that someone is watching.”
In the meantime, Citizen Lab is committed to conducting further research in this direction as more information becomes available.
“I have a very long history of working with mobile network operators and I know how scary it is how these systems work. The aim is to educate people about what is really going on in these countries.”