|
|
|
|
|
|
by dmix
2012 days ago
|
|
|
Signal has considered this scenario by adding an additional client-side "encrypt my messages" locally feature. Which prevents your messages to get sucked out by some digial forensics tool like it would for iMessage, Messager, etc. So I'm curious if this is what they are referring to. Post-physical unlocked HD access to the device, aka digital forensics, is assumedq here, this is what this company does. As others have pointed out Signal might have been storing the local pin/password in an Android secure enclave of "AndroidSecretKey" which they found other means around. |
|
|
https://web.archive.org/web/20201210150311/https://www.celle...
If you can't tell for yourself, here is Moxie's reply (also linked to by the same hn user):
> This (was!) an article about "advanced techniques" Cellebrite uses to decode a Signal message db... on an unlocked Android device! They could have also just opened the app to look at the messages.
> The whole article read like amateur hour, which is I assume why they removed it.
> https://twitter.com/moxie/status/1337434126186553345
--
Basically yeah, adding a pin to signal would also prevent this, they didn't bypass such extra measures.
This is what they did in their blog post:
> We found that acquiring the key requires reading a value from the shared preferences file and decrypting it using a key called “AndroidSecretKey”, which is saved by an android feature called “Keystore”.
No further mention of it, so I assume they just had access to it. From Moxie's post, I assume that the keystore is unlocked when the phone is.