Hacker News
by paddlesteamer 1887 days ago
> In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software.

I wish I could see those files in action...

3 comments

I wonder if the intention here is to deter Cellebrite from parsing Signal files? Or to pressure them into fixing their security vulnerabilities?
Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time.

Pretty sure it's the former, since the above is a way to ensure that Cellebrite can't just gather all implied exploit files and make sure they've got those specific problems all patched. This is, quite literally, an informational attempt at guerilla/asymmetric warfare, where Signal is trying to make engaging with them too costly, while also making a few blows quite a bit above their weight level. Cellebrite now has to decide whether to keep after this adversary that both is hard to pin down, ambushes them, and has shown it can hit them really hard where it matters (credibility, and thus their pocket book).

This indeed looks like a FUD statement, implying that they can have an infinite amount of potential vulnerabilities. Realistically though, writing parsers that do not yield control of your whole device is not that complex. The people exploiting iOS zero days can certainly do it.
You're not wrong at all, but if they're shipping these garbage ancient versions of ffmpeg, there are likely oodles of other bugs lurking around. And, if Cellebrite acts like most other companies who've had their awful security exposed, they will fix only this bug and leave everything else.
It's not that hard but neither is shipping patched versions of ffmpeg. This company will have some catching up to do.
But it might be easier for Cellebrite to just stop exfiltrating data from Signal. Of course, other apps could discover similar vulnerabilities.
That's not enough. With file system permission, Signal could place files anywhere (like prepared gifs in the Pictures folder).

I think this taints any phone having Signal installed.

Signal is capable of finding more exploits with more time. The important piece is that there now exists a reasonable doubt about data from Cellebrite, so it is not so good for evidence.
Nah, Cellebrite will panic for a bit at the possibility of facing repercussions but ultimately not commit enough effort to change anything. Cellebrite's counterparties, however, might not be so complacent.
Signal should generalise this into a library so that other app vendors can include these perfectly cromulent files.
That would reveal all the exploits to Cellebrite, which Signal is trying to avoid.
I imagine many brother app vendors, who may or may not maintain good relationships with Signal, might possibly have found a USB drive containing the relevant data on the street. (Pure speculation, I don't know anything about Moxie, but judging by his tone, I wouldn't be shocked.)
hehe.

Now imagine if Hack Back laws actually passed... companies like Whisper Systems would have had impunity for even more shenanigans :)

or just flipping them off, which seems OK too.
I don't get it, can anyone elaborate on what they are talking about there?
They are implying that future versions of Signal will drop random files on your phone that "may or may not" cause damage to Cellebrite systems.

They are basically putting the threat out that if you use Cellebrite on Signal in the future, you might not get the data you expect, and at worst, it may corrupt the report/evidence.

This also brings into question the chain of custody, as an untrusted device being imaged can alter reports of unrelated devices.

Damn, a chain of custody where the thing in evidence is also part of not only its own chain but also those of other evidence acquired afterwards? I can't imagine what kind of case law exists around that, but I'm sure it's hilarious!
> also those of other evidence acquired afterwards

And prior extracts on the device.

Which is what I don't really understand - it seems like Cellebrite could spin this in their favor so law enforcement would need to purchase a new kit for each device?
Signal is going to start attacking third-party tools once it's installed on your phone.

It's as though Theo decided that OpenSSH should respond to portscanners by trying to pwn the source systems.

No, because that would be active retaliation.

More realistically it is like dropping a file on your private file server DONT_RUN_THIS_BLOWS_UP_YOUR_COMPUTER.exe. You never run it, but maybe somebody exploits your file server, gets all your files, and automatically runs them?

Oh well.

It really is like dropping a file on your private file server DONT_RUN_THIS_BLOWS_UP_YOUR_COMPUTER.exe - but contrary to your expectations, it's not "oh well", if you placed it there with the intent to trap someone who you expect to be looking at your computer, you may well be liable if their computer blows up, there's no significant difference from active retaliation - the consequences are there, the intent is there, the act is there, it's pretty much the same.

Of course, if some criminal exploits your file server, they are not likely to press charges, but if it triggers on law enforcement who have a warrant to scan your fileserver, that's a different issue.

You'd be just as liable as for physical boobytraps on your property, with pretty much the same reasoning.

The beauty though, is that law enforcement now can't even know before plugging in and scanning a device whether they'll actually be pwned.

They have to use the exploit to figure out if the phone can nuke that hardware's usability in the future or integrity of any locally stored, non-offsited data.

UNLESS Cellebrite can produce publicly for a court of law proof that any potential exploit isn't a valid concern, which means spilling implementation details about how the device works.

Nobody can continue to shut up AND maintain the status quo. Either everyone clams, and Signal can sow reasonable doubt without challenge, crippling Cellebrite's value as a forensic tool. Or someone has to open up about the details of their tool, which, like it or not, will speak very loudly about the ways and methods behind these exploits.

The Checkmate is implied, and oh my, is it deafening.

> if you placed it there with the intent to trap someone who you expect to be looking at your computer, you may well be liable if their computer blows up

Liable for what? You haven’t promised that the code is safe, and they chose to run it.

> there's no significant difference from active retaliation

There is a significant difference: in active retaliation you choose to attack someone else's computer; with a trap file the attacker chooses to run files they have stolen from you. Big difference.

> You'd be just as liable as for physical boobytraps on your property, with pretty much the same reasoning.

The reasoning is different, lethal or injurious man traps are prohibited because you don’t respond to trespassing with lethal force and you don’t know who or what may trigger the trap. Man traps that lock the intruder in a room without injuring them are fine, and used in high security installations.

And why shouldn’t OpenSSH do that?
Because I have zero interest in running attack software.
Signal wants to pick a fight with a grey company that gets money for cracking apps? Not a good idea.
They're already picking a fight with Cellebrite simply by existing, as Signal is antithetical to everything that Cellebrite stands for.
Buying a safe != killing the guy that's invading your house.
I think this would be more like including exploding dye packs in your bags of money.
One could view making an E2E encrypted app that causes problems for the police as "not a good idea", but there must be someone to do it.