Share this article on:
Privacy is at a premium in the modern age, and nowhere is that more true than in autocratic countries like Iran. And while many in such places might turn to VPNs to gain a measure of security and privacy, it’s not always the most reliable option, as researchers at Bitdefender have recently discovered.
It appears that the Iranian-made 20Speed VPN features components of a surveillance app called SecondEye, which itself was developed and is commercially available in Iran.
However, the SecondEye components are not installed via a legitimate installer, but rather via the VPN installer itself, effectively turning it into a Trojan horse for the monitoring software.
SecondEye servers operate in Iran and, surprisingly, Germany, and can monitor keystrokes as well as access images, documents, and even crypto wallets.
The compromised VPN has been circulating since May 2022.
“Detections peaked in August and September,” Bitdefender reports. “Most of these detections originate from Iran, with a small pool of victims in Germany and the US.”
According to researchers at Blackpoint, SecondEye is largely marketed as a parental control app or a staff monitoring system. But the company admits it’s also ideal for shadier operations.
The software’s About page (which is itself difficult to access from many countries) notes that “monitoring systems can be used for illegal activities, surveillance or espionage”, though the company takes no responsibility if that’s what its users want to do.
Iran is cracking down on many forms of communication following unrest in the country protesting the death in custody of 27-year-old woman Mahsa Amini, after she was arrested for breaking Iran’s dress code rules for women.
WhatsApp recently announced a feature aimed at freedom of speech in Iran, allowing users to sign up to independently-hosted proxy servers.
“Happy New Year!” said WhatsApp boss Will Cathcart recently. “While many of us celebrated by texting our loved ones on WA, there are millions of people in Iran and elsewhere who continue to be denied the right to communicate freely and privately. So today we’re making it easier for anyone to connect to WA using a proxy.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.