November 3, 2022

Iran is using spyware to track citizens attending protests

The government in Tehran is using tools to control internet access and intercept messages, leaked documents appear to show.

By Claudia Glover

Iran is using mobile surveillance tools to track smartphones owned by its citizens, leaked documents have revealed. The spyware, called SIAM, can track, decrypt messages and block internet access on smartphones and has been used by the country’s Communications Regulatory Authority (CRA) to keep tabs on people taking part in protests which have taken place across Iran in recent months.

The Iranian government is using surveillance technology to track the smartphones of dissidents. (Photo by tanitost/Shutterstock)

This discovery comes amid furious protests in Iran. Political unrest began with the death of 22-year-old Mahsa Amini, who died shortly after being detained by police for allegedly wearing her hijab incorrectly. It is widely believed that Amini was a victim of police brutality, and her death has led to widespread protests denouncing the Iranian government.

Since the beginning of the protests in September more than 14,000 people have been arrested, including 253 students, in demonstrations across 132 cities and towns and 122 universities, reports Reuters. After one of the larger protests that took place at the end of October, 283 protesters had been killed including 44 minors and 34 members of the security services. 

How Iran’s government is tracking mobile phones of citizens at protests

Internal documents seen by The Intercept appear to prove that SIAM has been used by the CRA, a department of the Iranian government, to track how customers use their phones. The tool has a total of 40 functions, including tracking, reading messages and reducing internet capability to 2G coverage. This is significant because not only does it prevent the phone from accessing the internet, but messages sent over a 2G network are also much easier to decrypt. Multi-factor authentication can also be undermined with this tool, as texted verification codes can be accessed.

SIAM operators within the CRA can see which phone numbers have connected to which cell towers, meaning they can track those present at a protest.

Not only does SIAM provide these tools, the software can also correlate the metadata into detailed summaries of who spoke to whom, when and where, creating a detailed picture of active dissidents and protesters for the authorities to use at their will.

The records were obtained by a hacker who claims to have accessed systems at Iranian phone network Ariantel. Evidence of SIAM’s use was found among years of email correspondence and documents shared by Ariantel employees, outside contractors and Iranian government personnel. 


Iran’s control of mobile phones ‘a revelation’

The use of such a tool by the government in Tehran comes as no surprise to security experts, though the granular level of information available via SIAM is notable, says Gary Miller, mobile security research lead at security research organisation The Citizen Lab. “We have seen many media reports of users having difficulty using their phones while protests [in Iran] occur,” Miller says. “However, the direct access that the government requires to independently control single or multiple phones within an area including the capability to control the data speeds, is a revelation in my experience.”

It will be difficult for Iranians to block the tracking of their phones, Miller says. “Awareness is the first step for users,” he explains. “The next is how to mitigate these actions taken by Iran, which is much more difficult. It can be said that turning off the phone and only using it in certain conditions may be effective, but other technologies outside of traditional cellular network usage may be the only way to side-step some of the control mechanisms.”

Using SIAM could prove an effective way to quell the protests, says Carolina Caeiro, senior governance and policy specialist at Oxford Information Labs. “If you are an Iranian citizen and you know the government has the information at their disposal you may choose not to attend,” she says. “Once local activists get hold of this tech, I imagine that we will see a slow-down. Knowing the government is tracking you will lead to self-censorship.” 

If the protests are not stopped completely, they will at least be driven underground, argues Greg Austin, head of future conflict at the International Institute for Strategic Studies. “I think that Iranian protesters and opposition groups will be reminded that they can’t operate unguarded in cyberspace and telecoms,” he says. “They really need to be much more careful.”

This use of surveillance technology by the Iranian government should serve as a warning for western democracies that there are very real dangers to allowing the spread of self-sovereign internets, warns Caeiro. “Examples like this one illustrate the importance of protecting the internet today,” she says. “Western governments need to steer clear of governing models that are state-central. This is a cautionary tale of why we need to make sure the internet is multi-stakeholder.”
