FBI recovers "deleted" Signal messages through iPhone notifications

Daniel Sims

Posts: 2,478   +75
Staff
Why it matters: Encrypted chat services such as Signal, Telegram, and WhatsApp advertise themselves as the most secure, private digital communication methods. However, no matter how strong an app's end-to-end encryption is, hackers and authorities have discovered that the weakest attack vector isn't the software or messaging protocol, but the operating system it's installed on.

Supporters of the defendants at a recent Texas trial informed 404 Media that the FBI extracted incoming Signal chat messages from a defendant's phone even though the defendant deleted the app and messages. The agents instead recovered message content that the iPhone had stored in a separate database containing push notifications.

The case involves eight people who were convicted on terrorism charges after a police officer was wounded by gunfire outside an ICE detention facility. The witness whose phone contained the Signal messages, Lynette Sharp, previously pleaded guilty to providing material support to terrorists.

Signal prides itself on being open-source, secure, and private. Messages are only stored on the phone by default, and the service only recently introduced an opt-in backup feature. If the app or messages are deleted or the phone is lost, the messages should be unrecoverable. In fact, during the trial, an FBI special agent testified that Sharp set her messages to expire and that they had indeed expired in the app.

However, Apple devices copy and store content from push notifications, even when that content disappears from the original app. Apple's operating systems only save the content that appears in the notifications, so the FBI could recover only incoming messages, not outgoing messages.

Signal actually has settings to guard against this. Users can control what information appears in push notifications, such as message content, usernames, and actions. Sharp evidently declined to restrict notifications from Signal, likely to retain the convenience of reading messages without unlocking her phone. The incident highlights how tight security measures can clash with user comfort.

The revelation carries implications for all messaging apps, not just Signal. Not all apps have settings to control what appears in push notifications, so users should remember that any message they send might be preserved in the recipient's notification database, which forensic software can access.

Furthermore, Apple has previously submitted notification data to authorities. The company doesn't fulfill all government requests, but reports indicate that the US, UK, and German governments have received data through thousands of push-notification requests. The US Cybersecurity and Infrastructure Security Agency also warns users that hackers often attempt to access content from Signal or other messaging apps by taking over the host phone and reading messages after they have been sent and decrypted.

Permalink to story:

 
LOL, like ANYTHING you put on the internet/phones and what not can't be hacked!
It's almost like these clowns that get busted for murder claiming they didn't do it but
take their CELL PHONES with them that tracks them right to the scene of the crime.
As they always say...the smart ones ARE NOT in prisons.
 
Biggest mistake was using a closed sourced OS, in this case Apple's iOS.

Security is a chain link. It's only as strong as the weakest link, in this case iOS.

This duapoly of phone OSes and soon, PC OSs is intentional.
 
Back