17 comments

[ 3.1 ms ] story [ 43.2 ms ] thread
It's hardly surprising that, with physical access to the device, the encrypted messages can be decrypted. Logic dictates that, for the app itself to be able to do so, the keys must be either stored locally or retrievable.

A more worrying attack would be something able to decrypt the traffic on the wire, or a man-in-the-middle.

Logs are not transferred to new devices either. Presumably disappearing messages are not left in the encrypted db file(?).
"if i can unlock the device, i can unlock the device!"

... yes?

> We found that acquiring the key requires reading a value from the shared preferences file and decrypting it using a key called “AndroidSecretKey”, which is saved by an android feature called “Keystore”.

I'm not familiar with Android, but is this an easy step, or a "draw the rest of the fucking owl" step?

Easy step, if you have already compromised the device.
It's the "draw the rest of the fucking owl" step because it implies you've already compromised the whole device.
> Decrypting Signal messages and attachments was not an easy task. It required extensive research on many different fronts to create new capabilities from scratch. At Cellebrite, however, finding new ways to help those who make our world a safer place is what we’re dedicated to doing every day.

Nice PR spin and non-story - yes, with access to the Android keystore secret, the database can be decrypted.

Doesn't work if the device has a functional root of trust, or Signal's password feature is used.

I wonder why Signal's locking/password feature is not enabled by default or at least hinted at.
Meh. Looks like they "found" how the app stores the key to its local database and they "figured out" how the file encryption is implemented.

Surprisingly to no one: if you have fully access to the Phone (including access to the user's keystore) you can use the Signal app (and thus read messages). Thanks for making "our world a safer place".

Duh? They're just reading messages from the local device. This isn't news. This isn't a remote attack, nor an attack on the protocol, nor anything like that.

This is pure marketing BS. "Decrypting Signal messages and attachments was not an easy task. It required extensive research on many different fronts to create new capabilities from scratch." is marketing speak for "we read some open source code and reimplemented it, and we want it to sound hard and difficult so you will pay us more money."

Cellebrite's stuff is based on 0-day vulnerabilities in phone OSes and hardware in order to extract the data. Once you have the data, the rest of it is parsing and formatting fluff to package up the data in an easily digestible form for law enforcement to use. This is about the latter. There is no vulnerability in Signal being cracked here. It's just doing the same thing Signal does to show you your own messages.

While potentially worrisome I always figured the biggest benefit of using Signal was the self destructing messages. If you are (as the article states) using Signal as a protester to "communicate securely with their teams marshaling protestors, discussing tactics..." I would definitely enable self destructing messages in short time frame.

Also in order to get to the Signal data storage you would first have to defeat the encryption of the device itself (ie. the encryption used by Android / IOS). I would assume that anyone who uses signal and really has something to hide has disabled fingerprint or face id and uses either a passphrase or pincode. It's going to be hard to ever access the signal storage that way.

I have self destructing messages turned on. But only because I’ve never understood the need to cling on to message histories year-after-year, from old device to new device, to the next. Maybe my circle of friends, and myself, just aren’t that interesting enough to archive. I delete email too, except anything financial.
> Signal keeps its database encrypted using SqlScipher, so reading it requires a key. We found that acquiring the key requires reading a value from the shared preferences file and decrypting it using a key called “AndroidSecretKey”, which is saved by an android feature called “Keystore”.

> Once the decrypted key is obtained

there are a few steps missing between these 2 paragraphs!

> This (was!) an article about "advanced techniques" Cellebrite uses to decode a Signal message db... on an unlocked Android device! They could have also just opened the app to look at the messages.

> The whole article read like amateur hour, which is I assume why they removed it.

- Moxie

[1] https://twitter.com/moxie/status/1337434126186553345

By and by I'm impressed. This has been posted to HN many times now, so evidently they've fooled a lot of people with very little technical substance.
How long until devices start using TPM-type chips to store secrets?

I get that this is a silly threat model, but the sooner we rely on non-mass storage for secrets, the better.

Apple devices already do with their “Secure Enclave”.

Android is much more fragmented ecosystem but most flagship manufacturers offer something similar.