23 comments

[ 2.7 ms ] story [ 57.1 ms ] thread
It looks like they implemented a read only version of the App with worse UI, and scary used-by-criminals framing.

This is not newsworthy, there are normal tools that do similar things: https://github.com/xeals/signal-back

Ugh.

I agree that it isn't groundbreaking and I'm surprised to find it posted here.

But to the average digital forensic examiner (working for police, lawyers, corporate investigators etc.) it means rather than having to use a separate tool (or asking a more technically qualified analyst to assist, or missing them altogether), Signal related artefacts are now processed and presented alongside everything else that Cellebrite PA supports (i.e. other built-in and third-party applications, media files, OS logs etc.). If they don't support Signal already, the dozens of other commercial and open-source forensic tools and their customers will benefit from this article soon, as will the poor folks responsible for maintaining quality standards in forensics labs (such as ISO 17025).

EDIT: Example of a Cellebrite competitor with similar a capability: https://blog.oxygen-forensic.com/115-2/ ("Oxygen Forensic® Detective enables extraction and decryption of encryption keys from the Android KeyStore on Android devices that are not using hw-backed keys in the encryption process.")

first sentence "Gang members and drug dealers have been quick to adopt ways to screen their communications. " .. im sure this article wont be biased by any means....
How do they get the key?

This sounded like just the process you’d use once you have the key, but getting the key is presumably the hardest part.

So, is Signal Secure?

Secure vs what? Or whom? Or in what scenarios? Nothing on earth "is secure" =)
> How do they get the key

Cellebrite doesn't have a way to extract secrets from an HSM for Signal or any other app. If the secrets aren't in an HSM, then they have this new feature to automatically take advantage of that.

So Signal is still secure. Just perhaps not on a $50 Cricket phone with no HSM. But then again, neither is anything else.

> Just perhaps not on a $50 Cricket phone with no HSM.

On some more expensive devices keys can be obtained from RAM[1].

[1] https://www.cellebrite.com/en/blog/decrypting-databases-usin...

If the keys are in RAM then they aren't in an HSM- they're in RAM (as well as the HSM, but that's irrelevant).

More importantly, the app is already unlocked anyway if the keys are in RAM. So that just lets you keep it unlocked. It doesn't help you unlock an app that was locked when you got access to the device.

If I'm reading this right (and I am only on my second coffee so it's possible I'm not) the whole decryption process relies on getting an initial decryption key out of the Android Keystore. They kind of gloss over they do that in the first place. Presumably the phone has already been compromised to enable access to the Keystore.
Basically you need root access to your own device. It's like "decrypting Chrome data" when you just look into ~/.config/chrome after your disk encryption keys have been entered.

(Android devices use Full Disk Encryption by default and extracting this data needs an attacker that has gained access to unlocked storage first.)

It's not that simple. Keystore uses an HSM if available. Decrypting FDE and having root gets you nowhere if the keys are in an HSM.

The only way to secrets on a device with an HSM is to get past FDE, get root, and disable the HSM BEFORE the keys are created/stored.

Disabling the HSM after the keys have been stored simply wipes the keys and makes them unrecoverable forever.

This immediately smells of marketing bullshit:

> Decrypting messages and attachments sent with Signal has been all but impossible…until now.

> We found that acquiring the key requires reading a value from the shared preferences file and decrypting it using a key called “AndroidSecretKey”, which is saved by an android feature called “Keystore”.

Yeah, if you have all the keys you can decrypt stuff..

This is dumb, pleas please do not upvote

> Yeah, if you have all the keys you can decrypt stuff..

I expect the intended audience for this article is digital forensics examiners, who might be employed by say law enforcement or corporate investigators. Not the average Hacker News crowd.

Signal has considered this by adding an additional client-side "encrypted my messages" locally. So I'm curious if this is what they are referring to.

Post-physical unlocked HD access to the device, aka digital forensics.

(comment deleted)
So is the goal here to basically root the android / iphone, then grab the encryption key, then grab the decrypted signal app data, then grab the encryption key? I mean makes sense as a tool if they can automate that well.
(comment deleted)
What an odd article. The code showing how the database is encrypted on the device is obviously open source so it's not really a very interesting feat of detective work to... read the code and find out how it works. They could even have just copied the code.

The much more interesting question is how they might extract keys from the Android Keystore (where key material is very often stored in a Secure Element or similar), but they don't even mention that this might be quite challenging - the article just ignores the question.

You can get the keys if you root the device and force keystore to be software backed. But that has to happen before you provision Signal and it's kinda your prerogative as the device owner.
> but the app also employs a proprietary open-source encryption protocol

Isn't that an oxymoron?

Proprietary likely means "not standardized" / "specific to Signal" in this context.