Israel hacks prayer app to push propaganda to Iran: report • The Register

Israel has reportedly hacked the popular Iranian prayer calendar app BadeSaba to distribute propaganda messages urging military members to oppose the regime, according to a report from Reuters. The incident highlights how digital infrastructure can be weaponized for psychological operations during conflicts.

The app, which claims around 37 million downloads in Iran, became an unexpected vector for information warfare when users began receiving notifications with messages like "It's time for reckoning" and "Help has arrived." These messages reportedly urged members of Iran's military to join opposition forces against the current government.

Security researcher Hamid Kashfi, founder of DarkCell, identified the app as an "interesting target" for several reasons. Beyond its massive user base, BadeSaba's audience consists primarily of religious individuals who are more likely to support the regime and serve in the military. The app also requests location access to function, providing potential attackers with valuable user telemetry data that could be exploited for various purposes.

The app's developer has not responded to requests for comment about the reported breach.

Lukasz Olejnik, an independent security consultant and visiting senior research fellow at King's College London, characterized the incident as exactly what he predicted in his 2024 book Propaganda. He emphasized that this represents a psychological operation rather than a traditional cyberattack, designed to influence Iranian society and security forces.

"Push notifications are trusted by design," Olejnik explained to The Register. "The entire model assumes that if you installed an app, the messages it sends are legitimate." This fundamental trust in notification systems makes them particularly effective for information operations.

For software developers and operators, Olejnik stressed the importance of understanding that notification infrastructure becomes a high-value target during conflicts. Many apps delegate push notification delivery to third-party services or platform-level infrastructure, adding layers of complexity to security considerations.

"Developers and operators should map how they use it and update their risk assessments accordingly, especially those with significant user bases," he advised. The incident demonstrates how control over digital infrastructure creates new avenues for influence operations.

Olejnik described push notifications as creating "an infrastructural, logical channel between the media or apps, and the user," identifying this as fundamentally an issue of architecture. The breach raises questions about what protections exist for users and whether there are meaningful ways to verify the authenticity of push notifications.

For individual users, Olejnik suggested that skepticism about displayed content remains the primary defense, though he acknowledged this may be difficult to maintain given how push notifications are designed to be immediately trusted and acted upon. The incident serves as a stark reminder of how everyday digital tools can be transformed into instruments of modern psychological warfare.