Iran Blocks Signal Messaging - ThreatWire
Added 2021-02-09 19:17:19 +0000 UTC. By Shannon Morse, ThreatWire
The communications and messenger app Signal has been in the news a lot lately due to a surge in new subscribers, but also because of censorship by the Iranian government. According to public posts on Signal’s blog, Iranian censors have started blocking Signal traffic within the country. Users began to report outages when they tried to send communications through the end-to-end encrypted app.
It appears the block happened because the Iranian government started noticing a spike in Signal traffic after many folks moved to the platform in response to WhatsApp's new policy, which was expected to go into effect this month, but has since been delayed. The government called Signal “criminal content” and said that the content would be “removed by the order of the Criminal Content Designation Taskforce”. There has been no comment from Iranian republic officials.
Signal said they’d make an update available within a few days which would give folks in Iran the ability to use their service again. Signal recommended users use a TLS proxy that can bypass the network block and will still securely route traffic to the Signal service. Using a TLS proxy is a legitimate way to send data securely, and in this case, it would be very easy to set up, as a user would just need to get the link to Signal's proxy. If someone wanted to set up their own Signal proxy, the blog post also included a tutorial on doing so. A proxy operator would not be able to see any traffic, since the data is still end-to-end encrypted.
Later, articles were published saying there was a vulnerability in this workaround, but the story has been disputed and the reports conflict. Signal founder Moxie Marlinspike also refuted the claims on Twitter.
Anyone can help by running their own proxy, and to do so they’d need a server with ports 80 and 443 available, as well as a domain name that points to the server’s IP address. They would then need to SSH to their server, install a few repos, clone the Signal TLS Proxy repository, and configure a Let’s Encrypt certificate for TLS. Launching the proxy is done through Docker Compose, and the proxy owner could then share their proxy with anyone they wanted to. Proxy info can be set manually within Signal, or a user could simply click a signal.tube link from a trusted friend or family member within another app to allow Signal to automatically configure the proxy support.
All of the CLI commands are included in their blog, and it’s a really simple process. Signal also started a hashtag: #IRanASignalProxy to get the word out, but recommended not publicly posting the proxy signal.tube link since that could be added to a blacklist of IPs by the Iranian government.
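Because a signal.tube link configures the proxy automatically, it is worth confirming that a received link really points at signal.tube before opening it. The Python below is an added example, not code from Signal or ThreatWire; the `https://signal.tube/#<proxy-hostname>` link shape and all function names are assumptions made for illustration.

```python
# Added example: sanity-check a Signal proxy share link before opening it.
# Assumption: share links look like https://signal.tube/#<proxy-hostname>.
import re
from urllib.parse import urlsplit

SHARE_HOST = "signal.tube"
# One DNS label: 1-63 letters/digits/hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_hostname(name: str) -> bool:
    """True for a plausible fully qualified DNS name (not an IP, not a URL)."""
    if not name or len(name) > 253:
        return False
    labels = name.rstrip(".").split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(_LABEL.fullmatch(label) for label in labels)


def proxy_from_share_link(link: str) -> str:
    """Return the proxy hostname carried by a share link, or raise ValueError."""
    parts = urlsplit(link.strip())
    if parts.scheme != "https":
        raise ValueError("share link must use https")
    # parts.hostname is lower-cased and excludes userinfo and port, so
    # 'signal.tube@evil.example' and 'signal.tube.evil.example' both fail here.
    if parts.hostname != SHARE_HOST or parts.username or parts.port is not None:
        raise ValueError("link does not point at signal.tube")
    if parts.path not in ("", "/") or parts.query:
        raise ValueError("unexpected path or query in share link")
    if not is_hostname(parts.fragment):
        raise ValueError("fragment is not a valid proxy hostname")
    return parts.fragment.lower()
```
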
Signal Proxy TLS Vuln:
https://signal.org/blog/help-iran-reconnect/
https://twitter.com/signalapp/status/1353839763388649473
https://www.cyberscoop.com/signal-iran-encryption-ban-app/
https://www.bleepingcomputer.com/news/security/removal-notice-for-signal-article/
https://twitter.com/moxie/status/1358588649919549440
https://twitter.com/search?q=%23IRanASignalProxy&src=typed_query