Iran uses spyware to track and control citizens’ phones at protests - leaked documents

November 3, 2022 at 4:09 pm

Illustration file picture shows a man typing on a computer keyboard, 19 September 2019 [REUTERS/Kacper Pempel]

The Iranian government is using spyware to monitor and control protestors throughout the country as anti-government demonstrations continue over the death of a woman in police custody, leaked documents have revealed.

According to The Intercept, leaked internal Iranian documents, in both Farsi and English, show that the government’s Communications Regulatory Authority (CRA) is using mobile surveillance tools to track smartphones owned by its citizens, decrypt messages and block internet access on them.

Known as SIAM, the spyware has a total of 40 functions, including tracking, reading messages and reducing devices’ internet capability to 2G coverage. Those functions, especially the last one, not only prevent phones from accessing the internet, but also make it easier to decrypt messages due to the limitations of a 2G network.

The capabilities the software provides to the CRA allow the organisation’s operators to monitor which phone numbers have connected to which cell towers, making it possible to track anyone attending a protest and to correlate metadata into detailed summaries of who spoke to whom, when and where.

The evidence of the CRA’s use of the spyware was discovered among years of email correspondence and documents shared by employees of the Iranian mobile network Ariantel, as well as outside contractors and Iranian government personnel. The records were obtained by a hacker who claims to have accessed Ariantel’s systems.

According to Gary Miller, mobile security research lead at the security research organisation The Citizen Lab, the evidence seems to explain “many media reports of [Iranian] users having difficulty using their phones while protests occur”. While Tehran’s use of spyware is not surprising, Miller said, “the direct access that the government requires to independently control single or multiple phones within an area including the capability to control the data speeds, is a revelation in my experience”.

Blocking the tracking of their phones and devices will be difficult for Iranian protestors, the researcher admitted, stating that “turning off the phone and only using it in certain conditions may be effective, but other technologies outside of traditional cellular network usage may be the only way to side-step some of the control mechanisms.”

Since the death of a 22-year-old woman named Mahsa Amini in police custody two weeks ago, after she was arrested for allegedly wearing her headscarf loosely, protests have erupted throughout Iran and have resulted in the deaths of hundreds. While the police claim Amini died from a heart attack, her family and protesters insist she was beaten to death by the police.

So far, over 14,000 people have been arrested over the ongoing unrest, including 253 students. The revelation that the Iranian government is using spyware like SIAM confirms its capability to build a largely accurate network of activists and dissidents throughout the country, and is a cause for concern about further arrests and persecution by authorities.