Has Signal Been Hacked?

No, Signal has not been hacked. However, we do recommend turning off showing Signal content in notifications because the content is stored in memory on device. Apparently, this memory can be retrieved if an attacker has physical access to an unlocked device and has the right tool.

https://activistchecklist.org/signal/#signal-disable-notifications

Signal Security Checklist | Digital Security Checklists for Activists

Configure Signal to protect your messages and calls

Activist Checklist
Apr 9 at 6:23pmWeb
Show threadjesterchen421d ago
@HasSignalBeenHacked uhm... if an attacker has access to the unlocked device...... why wouldn't he just open signal? (And no, I did actually not read the article, usually I do before asking stuff like that, but news like these have often bugged me in some CVE related disclosures as well.)
Show threadHas Signal Been Hacked?1d ago

@jesterchen Yeah, that’s a great point. However, here’s an article in the news today that folks are talking about. Someone deleted the signal app but the notifications were still retrievable.

https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/

FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database

The case was the first time authorities charged people for alleged “Antifa” activities after President Trump designated the umbrella term a terrorist organization.

404 Media
Show threadjesterchen421d ago

@HasSignalBeenHacked thanks for your reply. As I said: usually I read articles first,...

The new link is behind a paywall, but what I can see leads to new questions: Do people really believe, data is lost as soon as I delete something? And this is not even asking about other places where data might be stored. If I delete files, usually they're not physically deleted, only the allocation get's destroyed... and yeah, what typical user does know something like that, I know... (and that is long before clear vs. purge vs. cryptographically destroy like in NIST SP 800-88r2 or such).

And as long as the device is unlocked, the encryption won't help.......

And I know how difficult it is to explain the "basics" of this. So thanks again for the clarification.

Show threadjesterchen421d ago
@HasSignalBeenHacked And thanks for the list to the checklist above. I will share it. :)
Show threadcaitp1d ago

@jesterchen @HasSignalBeenHacked this is about the news that agencies were able to access the notification database for the device using digital forensic techniques, i.e. special tools that can access the iOS filesystem -- push notifications turn out to be held unencrypted in a database on the iOS filesystem, and are thus pretty easy for enforcement to get at.

But it doesn't mean that they are able to access the Signal application itself, if the device was off

Show threadGray Hairs1d ago
@caitp @jesterchen @HasSignalBeenHacked
I don't even have this option, Notification Content, in GrapheneOS.
Show threadcaitp1d ago
@kete @jesterchen @HasSignalBeenHacked it's a part of the Signal app's settings, I'm not sure if that's what you're referring to, could be iOS-specific
Show threadMoss da Bard 🇨🇦🇧🇧🇲🇽🇬🇱1d ago
@HasSignalBeenHacked
I followed the steps, until it got to looking for "Notification Content". That selection does not exist on my copy of Signal.
Show threadGarret Polk (masked)1d ago
@HasSignalBeenHacked On Android I see the option under Settings -> Notifications -> Messages -> Show -> No name or message
Show threadBruce Walzer 🇨🇦17h ago

@HasSignalBeenHacked

Putting on my user hat...

"OK. Signal has forward secrecy. So messages are gone after I receive them. Great!"

Oh, you didn't turn on disappearing messages? Oh, right, then forensic tools like Cellebrite can get them. You have to turn on disappearing messages. The default is off.

Oh, you did turn on disappearing messages? We send the messages in notifications. So the OS can keep them. Turns out Apple was doing that. There is an option you can turn on to prevent that. It is off by default.

"I'll just delete the entire app!" No, sorry, the OS still has your messages...

At what point does the usability get so bad that we can blame the messaging system?

This same app had a usability issue that turned into a security issue just last year:

End to End Encrypted Messaging in the News: An Editorial Usability Case Study (my article)
https://articles.59.ca/doku.php?id=em:sg

End to End Encrypted Messaging in the News: An Editorial Usability Case Study [The Call of the Open Sidewalk]