- cross-posted to:
- pulse_of_truth@infosec.pub
Good that the most powerful people in the world use it, then.
Here’s a link to the original article (from the same author) on the platform you should actually subscribe to.
https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/
The Wired article is not based on the 404 article. This one goes into detail about the mechanics of the hack.
Non-paywall: https://archive.is/qwonI
works in almost exactly the same way as Signal, except that it also archives copies of all the messages passing through it, shattering all of its security guarantees.
Pretty sure Signal does that as well, which is not a security issue.
Signal uses end-to-end encryption (E2EE). The only copies of messages are on the sender’s and recipient’s devices.
Copies of messages are also known as archives.
Signal does not archive messages on the server side.
They weren’t talking about the server:
This app…works in almost exactly the same way as Signal, except that it also archives copies of all the messages passing through it, shattering all of its security guarantees.
Later in the article, it talks specifically about the server-side archives being stored in plain text. That’s why the hacker was able to access messages. This isn’t about the local copies on phones.
Yeah, I didn’t read past the misinformation.
Kinda seems like you’re the misinformation.
Maybe you should start reading up on stuff you don’t know about before adding nonsense to internet threads.
The only backup option I see for Signal is through Android, but it’s optional. There is no backup support for iOS or desktop.
https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages
It’s why Molly has local database encryption.
That doesn’t really do anything. Attackers need local access to the device to get the database itself. Chances are, they’ll get the key right with it.
Molly encrypts it using a passphrase instead of a locally stored key for exactly that reason.