Security
Headlines
HeadlinesLatestCVEs

Headline

The Challenge of Cracking Iran’s Internet Blockade

People around the world are rallying to subvert Iran’s internet shutdown, but actually pulling it off is proving difficult and risky.

Wired
#web#ios#android#google#git#auth#sap#wifi

Amid widespread protests across Iran sparked by the death of 22-year-old Mahsa Amini in “morality police” custody earlier this month, the government has imposed severe and extensive internet blackouts and blocked numerous digital services around the country for days. With most of Iran’s 80 million citizens impacted, people around the world have been searching for ways to get Iranians back online. But every approach comes with caveats.

Iranians have faced escalating internet restrictions for years and have some workarounds in place as a result, like VPNs and other relay services. As repressive governments have increasingly deployed connectivity blackouts as a means to control citizens, the measure has morphed from a dark horse tactic to a well-known strategy. But even with increased awareness, there’s still no easy, affordable, and broad way to restore digital access to people whose government is actively blocking it.

Efforts to reinstate digital lifelines in Iran center around two goals. Both broadband internet and mobile data are suffering outages, thanks to what are essentially internet “off” switches—infrastructure the regime has spent years investing in. So one area of focus is the potential to establish alternative connections, namely through satellite services. But the government is also filtering and blocking access to specific digital services even when people can connect to Wi-Fi or mobile data. This means people inside and outside of the country are also attempting to provide technical workarounds so Iranians can maintain access to vital services that would otherwise be inaccessible, like WhatsApp and Instagram. Given the extent of the government’s control, the logistical hurdles, and extensive global sanctions currently in place against Iran, progress is slow.

“The first thing we need to understand is that this time is different because they are going after every possible channel of communication,” says Amir Rashidi, director of internet security and digital rights at the Iran-focused human rights organization Miaan Group. “And this is something that was really new to us. As someone who’s worked on the internet of Iran for more than a decade, I never saw the Iranian government so aggressively going after every communication channel.”

Rashidi says that all email providers, including Yahoo Mail and Mail.com, are blocked. (Perhaps counterintuitively, Gmail, iCloud, and ProtonMail are still accessible.) Messaging platforms like WhatsApp and Instagram are also blocked, and the government is even cutting access to many video games because of their chat functions.

Last week, the United States Treasury Department issued a general license to create leeway within otherwise stringent sanctions for US tech companies to provide hardware, software, cloud services, and other technology to Iranians if they can find a way to do so.

“While Iran’s government is cutting off its people’s access to the global internet, the United States is taking action to support the free flow of information and access to fact-based information to the Iranian people,” the Treasury wrote. “The updated guidance will authorize technology companies to offer the Iranian people more options of secure, outside platforms and services.”

Some communication services have systems in place for attempting to skirt digital blockades. The secure messaging app Signal, for example, offers tools so people around the world can set up proxy servers that securely relay Signal traffic to bypass government filters. Proxy service has previously only been available for Signal on Android, but the platform added iOS support on Wednesday.

Still, if people in Iran don’t already have the Signal app installed on their phones or haven’t registered their phone numbers, the connectivity outages make it difficult to download the app or receive the SMS code used for account setup. Android users who can’t connect to Google Play can also download the app directly from Signal’s website, but this creates the possibility that malicious versions of the Signal app could circulate on other forums and trick people into downloading them. In an attempt to address this, the Signal Foundation created the email address “[email protected]” that people can message to request a safe copy of the app.

The anonymity service Tor is largely inaccessible in Iran, but some activists are working to establish Tor bridges within Iran to connect internal country networks to the global platform. The work is difficult without infrastructure and resources, though, and is extremely dangerous if the regime detects the activity. Similarly, other efforts to establish clandestine infrastructure within the country are fraught because they often require too much technical expertise for a layperson to carry out safely. Echoing the issue with safely downloading apps like Signal, it can also be difficult for people to determine whether circumvention measures they learn about are legitimate or tainted.

Users in Iran have also been leaning on other services that have proxies built in. For example, Firuzeh Mahmoudi, executive director of the US-based nonprofit United for Iran, says that the law enforcement-tracking app Gershad has been in heavy use during the connectivity blackouts. The app, which has been circulating in Iran since 2016 and is now developed by United for Iran, lets users crowdsource information about the movements of the regime’s “morality police” and is now also being used to track other security forces and checkpoints.

The basic issue of connectivity access is still a fundamental challenge. Efforts to provide satellite service as an alternative could theoretically be very fruitful and threaten the totality of internet blackouts. SpaceX CEO Elon Musk tweeted last week that he was “activating” the company’s Starlink satellite internet service for people in Iran. In practice, though, the option isn’t a panacea. To use Starlink or any satellite internet, you need hardware that includes base stations to pick up and translate the signal. Procuring and setting up this infrastructure takes resources and is especially infeasible in a place like Iran, where sanctions and trade blockades drastically limit access to equipment and the ability to pay for subscription services or other connectivity fees. And even if users can overcome these hurdles, jamming is also a potential issue. The French satellite operator Eutelsat said yesterday, for example, that two of its satellites were being jammed from Iran. In addition to providing internet services, the satellites also broadcast two prominent Iranian dissident television channels.

“There are just so many challenges of installing this in Iran,” Miaan Group’s Rashidi says. “If you have a terminal, my understanding is that Starlink is working, but getting those terminals into the country is a challenge. And then they are a security risk because the government can locate those terminals. And then, who is going to pay for all of it and how, given the sanctions? But even if you ignore all those issues, satellite base stations don’t solve the problem that mobile data is part of the shutdown. You can’t put a Starlink terminal in your backpack to go to a protest. So satellite connectivity would be helpful, but it doesn’t solve the issues.”

Though the problem is nuanced, human rights advocates and Iranian activists emphasize that the global community can make a difference by raising awareness and continuing to work on creative solutions to the problem. With digital censorship and connectivity blackouts being used as levers for authoritarian control, developing circumvention tools is increasingly vital. As United for Iran’s Mahmoudi puts it, “We all need to keep the lights on.”

Wired: Latest News

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist