Originally reported by Schneier on Security
TL;DR
A popular Iranian prayer app with over 5 million downloads was allegedly compromised by US and/or Israeli intelligence services to broadcast propaganda messages to users immediately following explosions in Iran. The rapid deployment suggests pre-existing access to the application infrastructure.
The state-sponsored compromise of a popular mobile app for psychological operations represents significant nation-state activity, but no technical exploitation details or broader security implications have been disclosed.
A popular Iranian prayer application has been compromised and used as a vehicle for what appears to be a coordinated US/Israeli propaganda campaign, according to security researcher Bruce Schneier's analysis of a Wired investigation.
The BadeSaba Calendar app, downloaded over 5 million times from the Google Play Store, began sending unauthorized push notifications to Iranian users shortly after explosions occurred in Iran. The messages started at 9:52 AM Tehran time with the phrase "Help has arrived," followed by additional notifications over a 30-minute period.
Schneier notes the operational tempo suggests government-level capabilities rather than opportunistic hackers. The coordinated timing of the messaging campaign immediately following the explosions indicates pre-positioned access to the application's notification infrastructure.
"It happened so fast that this is most likely a government operation," Schneier observed. "I can easily envision both the US and Israel having hacked the app previously, and then deciding that this is a good use of that access."
No group has claimed responsibility for the compromise. The technical details of how the app's notification system was accessed remain undisclosed.
The incident demonstrates how widely distributed mobile applications can serve as platforms for information warfare operations. Prayer and calendar applications typically maintain persistent connections and notification permissions, making them attractive targets for psychological operations campaigns.
The compromise of BadeSaba Calendar represents a significant supply chain attack affecting millions of Iranian users, highlighting the dual-use potential of legitimate mobile applications in nation-state operations.