No, Signal has not been hacked.
-
No, Signal has not been hacked. However, we do recommend turning off showing Signal content in notifications because the content is stored in memory on device. Apparently, this memory can be retrieved if an attacker has physical access to an unlocked device and has the right tool.
Signal Security Checklist | Digital Security Checklists for Activists
Configure Signal to protect your messages and calls
Activist Checklist (activistchecklist.org)
-
E em0nm4stodon@infosec.exchange shared this topic
R relay@relay.publicsquare.global shared this topic -
No, Signal has not been hacked. However, we do recommend turning off showing Signal content in notifications because the content is stored in memory on device. Apparently, this memory can be retrieved if an attacker has physical access to an unlocked device and has the right tool.
Signal Security Checklist | Digital Security Checklists for Activists
Configure Signal to protect your messages and calls
Activist Checklist (activistchecklist.org)
@HasSignalBeenHacked uhm... if an attacker has access to the unlocked device...... why wouldn't he just open signal? (And no, I did actually not read the article, usually I do before asking stuff like that, but news like these have often bugged me in some CVE related disclosures as well.)
-
@HasSignalBeenHacked uhm... if an attacker has access to the unlocked device...... why wouldn't he just open signal? (And no, I did actually not read the article, usually I do before asking stuff like that, but news like these have often bugged me in some CVE related disclosures as well.)
@jesterchen Yeah, that’s a great point. However, here’s an article in the news today that folks are talking about. Someone deleted the signal app but the notifications were still retrievable.
FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database
The case was the first time authorities charged people for alleged “Antifa” activities after President Trump designated the umbrella term a terrorist organization.
404 Media (www.404media.co)
-
@HasSignalBeenHacked uhm... if an attacker has access to the unlocked device...... why wouldn't he just open signal? (And no, I did actually not read the article, usually I do before asking stuff like that, but news like these have often bugged me in some CVE related disclosures as well.)
@jesterchen @HasSignalBeenHacked this is about the news that agencies were able to access the notification database for the device using digital forensic techniques, i.e. special tools that can access the iOS filesystem -- push notifications turn out to be held unencrypted in a database on the iOS filesystem, and are thus pretty easy for enforcement to get at.
But it doesn't mean that they are able to access the Signal application itself, if the device was off
-
@jesterchen Yeah, that’s a great point. However, here’s an article in the news today that folks are talking about. Someone deleted the signal app but the notifications were still retrievable.
FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database
The case was the first time authorities charged people for alleged “Antifa” activities after President Trump designated the umbrella term a terrorist organization.
404 Media (www.404media.co)
@HasSignalBeenHacked thanks for your reply. As I said: usually I read articles first,...
The new link is behind a paywall, but what I can see leads to new questions: Do people really believe, data is lost as soon as I delete something? And this is not even asking about other places where data might be stored. If I delete files, usually they're not physically deleted, only the allocation get's destroyed... and yeah, what typical user does know something like that, I know... (and that is long before clear vs. purge vs. cryptographically destroy like in NIST SP 800-88r2 or such).
And as long as the device is unlocked, the encryption won't help.......
And I know how difficult it is to explain the "basics" of this. So thanks again for the clarification.
-
@HasSignalBeenHacked thanks for your reply. As I said: usually I read articles first,...
The new link is behind a paywall, but what I can see leads to new questions: Do people really believe, data is lost as soon as I delete something? And this is not even asking about other places where data might be stored. If I delete files, usually they're not physically deleted, only the allocation get's destroyed... and yeah, what typical user does know something like that, I know... (and that is long before clear vs. purge vs. cryptographically destroy like in NIST SP 800-88r2 or such).
And as long as the device is unlocked, the encryption won't help.......
And I know how difficult it is to explain the "basics" of this. So thanks again for the clarification.
@HasSignalBeenHacked And thanks for the list to the checklist above. I will share it.
-
R relay@relay.mycrowd.ca shared this topic
-
@jesterchen @HasSignalBeenHacked this is about the news that agencies were able to access the notification database for the device using digital forensic techniques, i.e. special tools that can access the iOS filesystem -- push notifications turn out to be held unencrypted in a database on the iOS filesystem, and are thus pretty easy for enforcement to get at.
But it doesn't mean that they are able to access the Signal application itself, if the device was off
@caitp @jesterchen @HasSignalBeenHacked
I don't even have this option, Notification Content, in GrapheneOS. -
@caitp @jesterchen @HasSignalBeenHacked
I don't even have this option, Notification Content, in GrapheneOS.@kete @jesterchen @HasSignalBeenHacked it's a part of the Signal app's settings, I'm not sure if that's what you're referring to, could be iOS-specific
-
No, Signal has not been hacked. However, we do recommend turning off showing Signal content in notifications because the content is stored in memory on device. Apparently, this memory can be retrieved if an attacker has physical access to an unlocked device and has the right tool.
Signal Security Checklist | Digital Security Checklists for Activists
Configure Signal to protect your messages and calls
Activist Checklist (activistchecklist.org)
@HasSignalBeenHacked
I followed the steps, until it got to looking for "Notification Content". That selection does not exist on my copy of Signal. -
No, Signal has not been hacked. However, we do recommend turning off showing Signal content in notifications because the content is stored in memory on device. Apparently, this memory can be retrieved if an attacker has physical access to an unlocked device and has the right tool.
Signal Security Checklist | Digital Security Checklists for Activists
Configure Signal to protect your messages and calls
Activist Checklist (activistchecklist.org)
@HasSignalBeenHacked On Android I see the option under Settings -> Notifications -> Messages -> Show -> No name or message
-
No, Signal has not been hacked. However, we do recommend turning off showing Signal content in notifications because the content is stored in memory on device. Apparently, this memory can be retrieved if an attacker has physical access to an unlocked device and has the right tool.
Signal Security Checklist | Digital Security Checklists for Activists
Configure Signal to protect your messages and calls
Activist Checklist (activistchecklist.org)
Putting on my user hat...
OK. Signal has forward secrecy. So messages are gone after I receive them. Great!
Oh, you didn't turn on disappearing messages? Oh, right, then forensic tools like Cellebrite can get them. You have to turn on disappearing messages. The default is off.
Oh, you did turn on disappearing messages? We send the messages in notifications. So the OS can keep them. Turns out Apple was doing that. There is an option you can turn on to prevent that. It is off by default.
At what point does the usability get so bad that we can blame the messaging system?
This same app had a usability issue that turned into a security issue just last year:
End to End Encrypted Messaging in the News: An Editorial Usability Case Study
https://articles.59.ca/doku.php (my article)
