Iranian Prayer App Hacked to Send ‘Surrender’ Messages

Residents of Tehran and several other Iranian cities were startled awake early Saturday by the sound of powerful explosions. These were the result of coordinated military strikes by Israel and the United States, described by the officials as preemptive actions following a collapse in diplomatic talks. The attacks also come months after widespread domestic protests, which government figures state resulted in over three thousand civilian deaths.

Shortly after the initial blasts, a wave of unexpected notifications began appearing on millions of phones. These messages did not originate from official government channels but from a popular prayer and calendar application named BadeSaba Calendar, which boasts more than five million downloads on the Google Play Store. The app had apparently been compromised.

The notifications flooded user devices over a thirty-minute period, starting at 9:52 AM local time with a banner stating “Help Has Arrived.” No individual or group has formally taken responsibility for this cyber intrusion. Shared screenshots reveal the messages were directed at Iran’s military personnel, urging them to lay down their arms with promises of amnesty and to join what the texts called “the forces of liberation.”

One notification sent at 10:02 AM declared, “The time for revenge has come,” asserting that the state’s security forces would be held accountable for actions against civilians. It extended an offer of forgiveness to anyone who switched sides to defend the Iranian people. A subsequent message at 10:14 AM called on “oppressive forces” to surrender their weapons or join the liberation effort “for a free Iran,” framing it as the only way to ensure their survival.

Cybersecurity experts verified that users of the BadeSaba app received these push notifications coinciding with the physical strikes. However, pinpointing the culprit remains a challenge. Digital rights researcher Narges Keshavarznia noted the difficulty of attribution, stating it is too early to conclude whether the hack was conducted by Israeli entities or by anti-government factions within Iran. Morey Haber, a chief security advisor, emphasized the operation’s sophistication, suggesting the app was likely compromised well in advance with messages strategically timed for maximum psychological impact during the kinetic attacks. He characterized the incident as a precise, nation-state level cyber operation, far from a simple, opportunistic hack.

In response to the initial strikes, Iran launched its own retaliatory attacks targeting military installations across the region, with explosions reported in Bahrain, Kuwait, the UAE, and Qatar. Several inbound missiles were intercepted by defense systems.

The conflict has rapidly expanded into the digital domain, severely impacting civilian communication. The Iranian public is contending with extensive internet blackouts and degraded connectivity, a situation that began weeks ago and has intensified. Network data shows the country’s overall internet traffic has plummeted to just four percent of normal levels. Critical domestic data centers and points of presence have lost their links to the global internet or are experiencing major disruptions.

The breakdown extends beyond online access. Telephone lines and SMS services are failing, while mobile data and fixed broadband connections have become severely unreliable. Reports indicate international calls into Iran are also affected. The disruptions are so pervasive that even circumvention tools like VPNs have become nearly impossible to use, effectively isolating much of the population from the outside world as the crisis escalates.

(Source: Wired)