close button
Switch to Iranwire Light?
It looks like you’re having trouble loading the content on this page. Switch to Iranwire Light instead.
Technology

Google Authenticator Comes to Iran

October 7, 2016
Roland Elliott Brown
5 min read
Google Authenticator
Google Authenticator
Google Authenticator Comes to Iran

Iranian Google accounts are set to become a little safer as Google’s “authenticator” app arrives in Iran following a long delay.

Previously blocked to Iranians because of US technology sanctions, the authenticator is an app that helps users secure their online accounts using two-step identity verification.

Originally released in 2010, the app represents a step up from older forms of two-step verification, which required Google users who wanted to update their account information to enter a code they received via a text message. The authenticator instead generates a series of fast-expiring temporary passwords on the user’s phone itself.

“Google Authenticator is especially important in Iran because using the telecommunications network for two-factor and account recovery is risky,” says Collin Anderson, a researcher on Internet policies and state-sponsored hacking.

“We know that users have had their Google and Telegram accounts stolen through someone resetting the password using their phone number. The danger is that the mobile provider could collaborate with security forces to intercept these messages. This provides a backdoor into accounts. It seems this vulnerability is actively exploited by the government.”

“In Iran, the telecommunications companies are owned by the Islamic Revolutionary Guards Corps,” says Amir Rashidi, Internet freedom researcher at the International Campaign For Human Rights in Iran. The Revolutionary Guards, he says, operate independently of the government of President Hassan Rouhani, and are not accountable to it, or to the public.

Rashidi has personally encountered the techniques of people he believes to be  Iran’s state sponsored hackers.

“Interception of text messages is very normal in Iran,” he says. “It happened to a friend of mine who is a journalist. She sent me a message saying, ‘I'm seeing something unusual on my Telegram account, and I want to know what's going on.’ I understood that hackers had sent her a message asking for a recovery code on Telegram and that Telegram sends recovery codes through text messages. This is not happening only for Telegram. It also happened to her Gmail account as well. They intercepted her text messages and logged into her account very easily. The hacker was super fast. I think that that night she got more than 20 text messages.” Ultimately, Rashidi recommended that his friend close her account. “There was no other way to keep her safe,” he says.

The Hackers’ Chilling Effect

“Most governments can access your text messages, that's pretty standard,” says Meg Hood of asl19, a technology group founded in 2012 to help Iranians bypass Internet censorship. “The main thing is that the consequences of interception are much more serious in Iran than they are, say, in England. So taking this step and making that interception harder is a good way forward.”

What is particularly worrying for some Iranians is the chilling effect online insecurity has had on civil society and free expression. “When you feel less safe online, you have fewer chances to freely express yourself,” says Ali Bangi, also of asl19. “I have often seen that when someone's account is hacked, they just decide to shut down it down.”

“It's all about communications,” Rashidi says. “When a Google account is hacked, so is everything connected to that Google account. For example, if someone has a blog on Blogspot, they need to log in to that blog with their Google account. So if the government wants to stop you from writing a blog, hacking your Google account is one of the best ways to stop you.”

In Iran today, he says, the Telegram messaging service is one of the most popular means through which people discuss sociel problems. “Those kinds of conversations can become the basis for online campaigns or articles,” he says. “But if people feel they are not safe online, these forms of expression will be damaged.”

Sanctions “Overcompliance” Hindered Online Security

In recent years, ever since the US ramped up sanctions over Iran’s nuclear program under then-Secretary of State Hillary Clinton, there has been considerable controversy over technology companies’ “overcompliance” with US sanctions laws, which hindered ordinary Iranian’s access to online services.

While Clinton famously spoke about the need for greater freedom online, and the US Treasury exempted some online services from sanctions, many technology companies proved over-cautious about delivering services to a country under such heavy sanctions.

Now, more than a year after Iran signed a nuclear agreement with the US and five other powers, the atmosphere appears to be changing.

“It's a couple of factors,” Bangi says. “One, after the Iran deal, the US government wants to show a good gesture and a positive tone, and maybe wants to reduce those punishments that come with the sanctions.” The US government, he says, has overall tech sanctions, but also offers companies “general licenses” for certain services, such as most Virtual Private Networks, or VPNs, which some Iranians us to bypass government Internet censorship.

The other factor, he says, is pressure on tech companies from civil society groups. “Civil society groups, especially those North America, have good access to Google. They have had private meetings with them and have raised the issue of Iranians’ online security. There are also very well organized Iranian-Americans Google employees who are working toward the opening up of security applications.”

This is also, Rashidi points out, a matter of social responsibility. “Forget for one moment about Iran and sanctions,” he says. “Google is always saying, ‘We are here to protect your data and your privacy.’ So providing such a service is part of Google's responsibility to keep their customers safe.”

In the end, Hood says, providing the app to Iranians also good business for Google. “As well as being a social responsibility, it's a commercial responsibility," she says. "If they want to retain users, and retain their data and keep making money off of user data, they need to retain their trust. That may have been a part of their decision."

comments

Images of Iran

Children and the Holy Month of Muharram

October 7, 2016
IranWire
Children and the Holy Month of Muharram