No, Signal has not been hacked.
-
No, Signal has not been hacked. However, we do recommend turning off showing Signal content in notifications because the content is stored in memory on device. Apparently, this memory can be retrieved if an attacker has physical access to an unlocked device and has the right tool.
https://activistchecklist.org/signal/#signal-disable-notifications
-
No, Signal has not been hacked. However, we do recommend turning off showing Signal content in notifications because the content is stored in memory on device. Apparently, this memory can be retrieved if an attacker has physical access to an unlocked device and has the right tool.
https://activistchecklist.org/signal/#signal-disable-notifications
@HasSignalBeenHacked uhm... if an attacker has access to the unlocked device...... why wouldn't he just open signal? (And no, I did actually not read the article, usually I do before asking stuff like that, but news like these have often bugged me in some CVE related disclosures as well.)
-
@HasSignalBeenHacked uhm... if an attacker has access to the unlocked device...... why wouldn't he just open signal? (And no, I did actually not read the article, usually I do before asking stuff like that, but news like these have often bugged me in some CVE related disclosures as well.)
@jesterchen Yeah, that’s a great point. However, here’s an article in the news today that folks are talking about. Someone deleted the signal app but the notifications were still retrievable.
-
@HasSignalBeenHacked uhm... if an attacker has access to the unlocked device...... why wouldn't he just open signal? (And no, I did actually not read the article, usually I do before asking stuff like that, but news like these have often bugged me in some CVE related disclosures as well.)
@jesterchen @HasSignalBeenHacked this is about the news that agencies were able to access the notification database for the device using digital forensic techniques, i.e. special tools that can access the iOS filesystem -- push notifications turn out to be held unencrypted in a database on the iOS filesystem, and are thus pretty easy for enforcement to get at.
But it doesn't mean that they are able to access the Signal application itself, if the device was off
-
@jesterchen Yeah, that’s a great point. However, here’s an article in the news today that folks are talking about. Someone deleted the signal app but the notifications were still retrievable.
@HasSignalBeenHacked thanks for your reply. As I said: usually I read articles first,...
The new link is behind a paywall, but what I can see leads to new questions: Do people really believe, data is lost as soon as I delete something? And this is not even asking about other places where data might be stored. If I delete files, usually they're not physically deleted, only the allocation get's destroyed... and yeah, what typical user does know something like that, I know... (and that is long before clear vs. purge vs. cryptographically destroy like in NIST SP 800-88r2 or such).
And as long as the device is unlocked, the encryption won't help.......
And I know how difficult it is to explain the "basics" of this. So thanks again for the clarification.
-
@HasSignalBeenHacked thanks for your reply. As I said: usually I read articles first,...
The new link is behind a paywall, but what I can see leads to new questions: Do people really believe, data is lost as soon as I delete something? And this is not even asking about other places where data might be stored. If I delete files, usually they're not physically deleted, only the allocation get's destroyed... and yeah, what typical user does know something like that, I know... (and that is long before clear vs. purge vs. cryptographically destroy like in NIST SP 800-88r2 or such).
And as long as the device is unlocked, the encryption won't help.......
And I know how difficult it is to explain the "basics" of this. So thanks again for the clarification.
@HasSignalBeenHacked And thanks for the list to the checklist above. I will share it.
-
@jesterchen @HasSignalBeenHacked this is about the news that agencies were able to access the notification database for the device using digital forensic techniques, i.e. special tools that can access the iOS filesystem -- push notifications turn out to be held unencrypted in a database on the iOS filesystem, and are thus pretty easy for enforcement to get at.
But it doesn't mean that they are able to access the Signal application itself, if the device was off
@caitp @jesterchen @HasSignalBeenHacked
I don't even have this option, Notification Content, in GrapheneOS. -
@caitp @jesterchen @HasSignalBeenHacked
I don't even have this option, Notification Content, in GrapheneOS.@kete @jesterchen @HasSignalBeenHacked it's a part of the Signal app's settings, I'm not sure if that's what you're referring to, could be iOS-specific
-
M malte@radikal.social shared this topic
