Iran blocks encrypted messaging apps amid nationwide protests

Featured

For the past six days, citizens have taken to the streets across Iran, protesting government oppression and the rising cost of goods. Video broadcasts from the country have shown increasingly intense clashes between protesters and riot police, with as many as 21 people estimated to have died since the protests began. But a complex fight is also raging online, as protesters look for secure channels where they can organize free of government interference.

Iran blocks encrypted messaging apps amid nationwide protests

Even before the protest, Iran’s government blocked large portions of the internet, including YouTube, Facebook, and any VPN services that might be used to circumvent the block. The government enforced the block through a combination of centralized censorship by the country’s Supreme Cybercouncil and local ISP interference to enforce more specific orders. The end result is a sometimes haphazard system that can still have devastating effects on any service the regime sees as a threat.

For years, Iran’s most popular encrypted messenger has been Telegram. While some cryptographers have criticized Telegram’s homebrew cryptography, local Iranian users have cared more about the app’s independence from the United States. (The app’s core development team is based in Russia, making it less vulnerable to US government requests.) The app’s massive group chats proved popular, and the government was content to target individual users, occasionally hacking accounts by intercepting account reset messages sent to the user’s phone number.

As protests intensified, Telegram has become both a tool for organizers and a target for the regime. On Saturday, Telegram suspended the popular Amad News channel for violating the service’s policy against calls to violence. One conversation was publicly called out by Iran’s Minister of Technology for recommending protesters attack police with Molotov cocktails. According to Telegram founder Pavel Durov, the government also requested suspensions for a number of other channels that had not violated the policy on violence. When Telegram refused, the government placed a nationwide block on the app.

The government also banned Instagram, although government representatives insist both bans are temporary and will be lifted once protests subside.

The most popular alternative among US activists is Signal, which offers similar group chat features with more robust encryption — but Signal is blocked in Iran for an entirely different reason. The app relies on the Google AppEngine to disguise its traffic through a process called “domain fronting.” The result makes it hard to detect Signal traffic amid the mess of Google requests — but it also means that wherever Google is unavailable, Signal is unavailable too.

At the same time, Google appears to have blocked Iranian access to AppEngine to comply with US sanctions. After years of diplomatic pressure, US companies face significant regulations on any technology exported to Iran, and it’s often unclear how those rules extend to cloud services like AppEngine. Still, researchers like Collin Anderson say Google could find a way to whitelist Signal in Iran if the company wanted to. (Google declined to comment when reached by The Verge.)

Still, the blocks leave organizers in a difficult place, with no clear way to coordinate activity across groups that often sprawl to hundreds of thousands of people. WhatsApp is still available in the country, although bans on the service have been proposed in the past.

Despite end-to-end encryption, your WhatsApp and Telegram chats can be spied on

Featured

end-to-end-encryptionEven though WhatsApp promises end-to-end encryption on all of its chats, and Telegram offers end-to-end encryption on secret chats, the truth is that messages on these platforms can still be hacked. The reason is because the messaging apps still rely on phone networks that use Signalling System No. 7, better known as SS7.

You might recall that back in April, we told you about SS7 when we passed along a story shown on 60 Minutes about hacking. SS7 is a protocol used to connect carriers around the world and affects all smartphone users regardless of the device they use. While SS7 can’t break the encryption employed by the two aforementioned messaging apps, it can be used to fool a wireless operator into helping the hacker open a duplicate WhatsApp and Telegram account in the name of the target.

The first step that a hacker employing SS7 does is trick the target’s carrier into believing that his phone number is the same as the target’s mobile number. Once that is accomplished, the hacker installs WhatsApp and Telegram on his phone, and uses the target’s number to set up new accounts. This will allow them to receive the secret code falsely proving that the hacker is the legitimate user of these accounts. Once all this is accomplished, the ruse is on as the hacker can send and receive messages pretending to be the target.

You can see how this all works by watching the pair of videos below. Most security firms still prefer WhatsApp and Telegram for their end-to-end encryption, which prevents “man-in-the-middle” hacks that redirect messages to a hacker’s phone. But obviously, opening a duplicate account can allow hackers to read messages not intended for their prying eyes.

The secret American origins of Telegram, the encrypted messaging app favored by the Islamic State

Featured

The secret American origins of Telegram, the encrypted messaging app favored by the Islamic State

An encrypted communications app called Telegram has been in the news a lot this week, amid fears that the Islamic State has adopted it as its preferred platform for messaging.

On Nov. 18, Telegram reportedly banned 78 ISIS-related channels, “disturbed” to learn how popular the app had become among extremists. Those extremists had used the app both to spread propaganda, according to an October report, and to crowdfund money for guns and rockets, according to Vocativ.

Telegram makes an obvious choice for both activities: In media interviews and on his Web site, the app’s founder — Pavel Durov, often called the “Zuckerberg of Russia” — has boasted that Telegram is technologically and ideologically unsurveillable. In the wake of the terrorist attacks in Paris, however, questions have begun to emerge about how trustworthy Telegram actually is.

Multiple cryptologists and security experts have claimed that Telegram is actually not all that secure: a flaw that may reflect the fact that Telegram wasn’t initially conceived as an encrypted messaging platform.

On top of that, while Telegram is typically described as a highly principled, Berlin-based nonprofit, that hasn’t always been the case: Up until about a year ago, Telegram was an opaque web of for-profit shell companies — mired in conflict and managed, in large part, from the United States.

“Pavel is really unpredictable,” said Axel Neff, the estranged co-founder and former chief information officer at the company. “His biggest drive has always been notoriety.”

Neff makes an odd protagonist in a tale of international corporate intrigue. Raised in rural ski country south of Buffalo, N.Y., and schooled in engineering, Neff was essentially working in construction when Durov founded Russia’s largest social network, Vkontakte, in 2006. Neff’s a salt-of-the-earth guy — a Bills fan and the co-owner, with his mother, of a train-themed restaurant — who seems to have stumbled into Russian tycoon circles entirely by accident. (Neither Pavel nor Telegram returned the Post’s request for comment.)

In college, one of his high school buddies studied abroad in Russia, where he was fortuitously placed in a study group with Durov and a guy named Ilya Perekopsky. Neff befriended Perekopsky when he came to Buffalo for a summer to practice English; Perekopsky went on to help found VK. Before he knew it, a random 28-year-old who drove an old Toyota and lived in rural New York state was the assistant director of international operations at one of the world’s largest social networking companies.

Neff was pretty good at his job, according to court documents made public in 2014 that shed light on the business practices and dealings of Telegram — although he did depart, that same year, under sketchy circumstances. After joining VK in 2008, Neff helped develop the site in foreign markets and transition it away from vkontakte.com URL. By 2011, when the political situation in Russia was making business perilous for social networks and other Internet companies, Neff was good friends with both Durov and Perekopsky. In 2012, they and several other VK executives began discussing a new app; Neff began researching server space and renting a downtown Buffalo office.

At the time, Neff said, the concept for the company was simple: a series of messaging apps — of which Telegram would be the first — that relied not on cellphone carriers but on data networks.