Signal conversations are apparently 100% secure. This is revealed by documents that prove that the FBI has a tool that can read them. If in recent times millions of users have left Whatsapp hoping to find more privacy in other applications such as Telegram and Signal, their expectations are subject to not being respected.
The news has been reported by Forbes, which has been able to access documents from an ongoing trial in the United States, in which the defendants accused of illegal arms trafficking have used Signal. In the screenshots produced in court, there are clearly chats extracted from the iPhone of one of the suspects who used Signal.
The screenshots in question contain metadata indicating not only that Signal has been decrypted on the phone, but also that the data extraction has been carried out in partial “AFU” mode, an acronym that stands for “After First Unlock” and describes an unlocked iPhone that has been unlocked once and not turned off.
This mode allows hackers to put cryptographic keys together and start unlocking the private data inside the device.
Notwithstanding any technology used from the apps to keep users’ own conversations protected, US law enforcement and secret services would have two different tools to break into iPhones called GrayKey and Cellebrite. Both use vulnerabilities in the hardware of iPhones that allow them to be unlocked externally and access the phone and its contents without the need to know the password.
If the phone is unlocked using these tools, it would make little difference which apps are used to chat, and whoever has access could read all of the user’s conversations, as Signal’s spokesperson has not denied, admitting that “if someone physically has a device and can exploit a vulnerability in the Apple or Google operating system without a patch to completely or partially bypass the lock screen on Android or iOS, then they can interoperate with the device and access it without knowing the password, therefore they can interact with the device as if they were its owner” and therefore the advice to reduce the risk of privacy breaches is to keep devices up to date, set up an effective lock screen on the device, and try to reduce the exchange of information that should remain private on microchat apps.
In each case, even if the main messaging apps use the same type of “end-to-end” cryptography in which the cryptographic keys are exchanged between the two devices and are not stored on the platform’s servers, and even if Facebook, WhatsApp, Telegram and Signal cannot read users’ messages, it seems that the FBI may be looking for ways to do so.
SOURCE:FEDERPRIVACY