Signal has become the de facto king of secure messaging apps of late, stealing users from WhatsApp and gathering millions of others looking for private forms of communication. That means the police and governments will be wanting, more than ever, to ensure they have forensic techniques to access Signal messages. Court documents obtained by Forbes not only attest to that desire, but indicate the FBI has a way of accessing Signal texts even if they're behind the lockscreen of an iPhone.
The clues came via Seamus Hughes at the Program on Extremism at the George Washington University in court documents containing screenshots of Signal messages between men accused, in 2020, of running a gun trafficking operation in New York. (The suspects have not yet entered a plea and remain innocent until proven guilty.) In the Signal chats obtained from one of their phones, they discuss not just weapons trades but attempted murder too, according to documents filed by the Justice Department. There's also some metadata in the screenshots, which indicates not only that Signal had been decrypted on the phone, but that the extraction was done in "partial AFU." That latter acronym stands for "after first unlock" and describes an iPhone in a certain state: an iPhone that is locked but that has been unlocked once and not turned off. An iPhone in this state is more susceptible to having data inside extracted because encryption keys are stored in memory. Any hackers or hacking devices with the right iPhone vulnerabilities could then piece together keys and start unlocking private data inside the device.
For police to access private Signal messages from an iPhone, there are some other caveats besides a device needing to be in AFU mode. The iPhone in question appears to be either an iPhone 11 (whether Pro or Max) or a second-generation iPhone SE. It's unclear if the police can access private data on an iPhone 12. It's also not clear what software version was on the device. Newer iOS models may have better security. Apple declined to comment, but pointed Forbes to its response to previous research regarding searches of iPhones in AFU mode, in which it noted they required physical access and were costly to do.
A Signal spokesperson said: "If someone is in physical possession of a device and can exploit an unpatched Apple or Google operating system vulnerability in order to partially or fully bypass the lock screen on Android or iOS, they can then interact with the device as though they are its owner.
"Keeping devices up-to-date and choosing a strong lock screen passcode can help protect information if a device is lost or stolen."
Counsel for the defendant in the New York case didn't respond to messages. The Justice Department said it couldn't comment.
GrayKey vs. Cellebrite
Forensic exploitation of devices affects any encrypted communications app, from WhatsApp to Wickr, not just Signal. What is apparent is that the government has a tool that can bypass encryption to get into what most people would assume are private messages. The question remains: what is that tool? It's likely to be one of two popular iPhone forensics tools used by the FBI: the GrayKey or the Cellebrite UFED.
GrayKey, a tool created by Atlanta-based startup Grayshift, has been an increasingly popular choice for the FBI. The agency has spent hundreds of thousands of dollars on acquiring the devices, which start in price from $9,995. When Forbes obtained a leaked recording of Grayshift CEO David Miles talking in mid-2019, he said that his company's tech could get "almost everything" on an iPhone in AFU mode.
Vladimir Katalov, founder of Russian forensics company ElcomSoft, said he believed GrayKey was the tool in use in the New York case. "It uses some very advanced approach using hardware vulnerabilities," he hypothesized. Grayshift hadn't responded to a request for comment at the time of publication.
Cellebrite, an established Israeli forensics tech provider, has long served American law enforcement, as well as global police agencies. A spokesperson said it was Cellebrite policy "not to comment on specific customers or uses of our tech," but added that "law enforcement agencies are seeing a rapid rise in the adoption of highly encrypted apps like Signal by criminals who wish to communicate, send attachments and make illegal deals they want to keep discreet and out of sight from law enforcement."
In December, Cellebrite indicated it had developed "advanced techniques" to bypass Signal encryption, though Signal issued a statement lambasting not just the company but media reports that had repeated Cellebrite's claims. In a blog post, Signal said all Cellebrite had done was "parse Signal on an Android device they physically have with the screen unlocked.
"This is a situation where someone is holding an unlocked phone in their hands and could simply open the app to look at the messages in it. Their post was about doing the same thing programmatically (which is equally simple)."
When Signal cofounder Moxie Marlinspike commented on the Cellebrite claims in December, he called it "amateur hour." Whatever tools the FBI used in the New York case, they're far from amateur.
original content at: www.forbes.com…