New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted.
-
New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. Why? Because parts of messages were stored in the iPhone's internal notification database. Shows how secure chat data can come from unexpected places https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/
@josephcox There has been some concern about security vulnerabilities and leaks associated with iOS notifications for a while, right?
-
New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. Why? Because parts of messages were stored in the iPhone's internal notification database. Shows how secure chat data can come from unexpected places https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/
@josephcox Can we be more specific here? I can’t imagine technically that there’s a possibility of messages arriving *after* deleting the app being decrypted and stored in a device’s notification database? So this is probably about messages that arrived *before* deleting the app?
-
@josephcox The article strongly implies that if you change, in the app settings, Notifications | Show Preview, to “Never” that closes this for future messages anyway. To deal with past, I suppose wiping the phone OS and reinstalling (General | Reset iPhone?) should do the job, assuming the database is not backed up to iCloud.
If these fucking blogs would not just repost and instead provide advice...
Like maybe testing how to clear that buffer. -
@josephcox Can we be more specific here? I can’t imagine technically that there’s a possibility of messages arriving *after* deleting the app being decrypted and stored in a device’s notification database? So this is probably about messages that arrived *before* deleting the app?
@ujay68 @josephcox I just read the text and it seems pretty clear that it was saved in the notification databse. so....not the app. Does that help?
-
New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. Why? Because parts of messages were stored in the iPhone's internal notification database. Shows how secure chat data can come from unexpected places https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/
this is an old problem and as far as I remember, does not only affect iOS but all platforms incl. Android, Windows etc.
Therefore it's a good idea to disable 'preview' in all notifications for all Apps on all platforms - as far as I recall, these are already mass-intercepted in transit.
What's new to me is that iOS stores these, even after having deleted an App - begs the question, what about other platforms?
-
If these fucking blogs would not just repost and instead provide advice...
Like maybe testing how to clear that buffer.@lasagne @arrakeen_urbanite @josephcox Just yet another click baity headline from 404 media, nothing new.
-
New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. Why? Because parts of messages were stored in the iPhone's internal notification database. Shows how secure chat data can come from unexpected places https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/
@josephcox While obviously concerning, my first thought is if someone needs to securely communicate then perhaps a smartphone with an OS you can't fully control isn't the best tool.
Signal may have great encryption but if the host OS has known vulnerabilities or design flaws that allow for this, then what's the point?
I am certainly open to suggestions and discussion for better solutions.
-
New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. Why? Because parts of messages were stored in the iPhone's internal notification database. Shows how secure chat data can come from unexpected places https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/
@josephcox I thought it was obvious? Anyone who ever looked at iOS or Android logs knows that every single notification you ever received is stored in the logs, and are transferred to new devices if you use migration assistant or encrypted backup.
It's a valid and big attack vector, that's why I personally have notifications enabled to just tell me which app it is and why i'm getting a notification, no other context. Especially since push notifications are handled by Google/Apple's servers so if you can MITM it, you can collect a lot of sensitive data. -
@ujay68 @josephcox I just read the text and it seems pretty clear that it was saved in the notification databse. so....not the app. Does that help?
@Netraven I guess so. Wondering if iOS offers an API that Signal could (have) use(d) to completely clear its notifications from that db. I guess not so.
-
@Netraven I guess so. Wondering if iOS offers an API that Signal could (have) use(d) to completely clear its notifications from that db. I guess not so.
@ujay68 I don't know, sorry.
-
@josephcox As I've long said, "you don't go through strong security, you go around it."
@SteveBellovin @josephcox Can I quote you on that?
-
J jwcph@helvede.net shared this topic
