Comments

You must log in or register to comment.

nulloperation wrote

Alternatively this could be psy ops intended to make people worry about the safety of Signal. Otherwise, why would Cellebrite claim so openly, on their website?

The article insinuates that it's a flaw in the protocol:

Signal, owned by the Signal Technology Foundation, uses a special open source encryption system called Signal Protocol, which was thought to make it nigh-on impossible for a third party to break into a conversation or access data being shared on the platform.

If there's a "hack" at all, I wouldn't be surprised if it was something more mundane, like a generic Android keylogger / screen capture backdoor.

5

celebratedrecluse wrote

The problem is the hardware and firmware of the social network. Signal is making good steps to allow users to function on desktop systems instead, after many years of ignoring this niche subgroup of users. but the vast majority of users are on mobile platforms with known backdoors and zero days.

Until genuinely free mobile hardware, including networks, is available...there will always be ways to spy on users of smartphone applications. Signal and similar quick-fix approaches to this situation are basically offering a remedy for mass surveillance only; in the case of specific targeted investigations, it's just the illusion of privacy.

You are right, if they had compromised signal's protocol rather than the hardware, they would almost certainly not advertise that fact. And regardless, they will not provide evidence, which would allow a patch to be made.

5

nulloperation wrote

Until genuinely free mobile hardware, including networks, is available...there will always be ways to spy on users of smartphone applications.

100% this. Smartphones are horrible for our freedom and security.

Video call functionality was recently added to Signal Desktop making it easier to use Signal from a laptop. It is also possible to sign up for Signal without a smartphone. Strongly recommended.

You are right, if they had compromised signal's protocol rather than the hardware, they would almost certainly not advertise that fact.

After reading Cellebrite's fairly detailed blog post (which has now been taken down), it's clear that they're just able to access messages on a device that's already seized and unlocked.

That's an important detail to keep in mind as the headline is strongly misleading: "previously considered safe". I'm sure those who've just been skimming headlines will talk about how they've read that "Signal has been hacked", which is not true.

Please, if you read this, don't repeat the untruth about "Signal being hacked", and please call it out it when you hear it from others.

3

another_i wrote

Turn on self destructing messages.

4