Signal has become the biggest bastion for users seeking the most privacy possible on their phones. However, Forbes magazine got access to court documents indicating that the FBI has a way to access Signal texts, even if they are behind an iPhone’s lock screen.
It’s not just the fact that the app actually is fallible, but that police and governments de facto want full access to people’s privacy.
Forbes reports that the clues came via Seamus Hughes at George Washington University’s Program on Extremism through court documents containing screenshots of Signal messages between men accused, in 2020, of running an arms trafficking operation in New York. In the Signal chats obtained from one of their phones they discuss not only the arms trade, but also attempted murder, according to documents filed by the Justice Department.
There is also some metadata in the screenshots, indicating not only that Signal was decrypted on the phone, but that the extraction was done in “partial AFU,” Forbes explains. The latter acronym stands for “after first unlock” and describes an iPhone in a certain state: an iPhone that is locked, but has been unlocked once and is not turned off.
An iPhone in this state, Thomas Brewster explains, is more susceptible to data being extracted because encryption keys are stored in memory. Any hacker or device hacker with the right iPhone vulnerabilities could piece together the keys and unlock private data inside the device.
For law enforcement to access private Signal messages from an iPhone, there are a few other conditions besides a device being in AFU mode. The iPhone in question appears to be an iPhone 11 (either Pro or Max) or a second-generation iPhone SE, Forbes notes. “It’s also unclear which software version was on the device. Newer iOS models may have better security.”
“If someone is in physical possession of a device and can exploit an unpatched Apple or Google OS vulnerability to partially or completely bypass the lock screen on Android or iOS, then they can interact with the device as if they owned it,” a Signal spokesperson told Forbes, and recommended keeping devices up to date and with strong passwords to preserve users’ security and privacy.
The story also reported on the existence of GrayKey, a tool created by Atlanta-based Grayshift, which has been an increasingly popular choice for the FBI, the magazine reports.
In addition, Forbes obtained a leaked recording of Grayshift CEO David Miles, where he claimed that his company’s technology could obtain “almost everything” on an iPhone in AFU mode.
In December, Sky News reported on Signal’s fallibility, as Cellebrite, an Israel-based but Japanese-owned security firm, helped the FBI gain access to the iPhone of one of the San Bernardino shooters.
The company claims, Sky comments, that it can decrypt Signal messages as they are stored on Android devices, recovering the key used to encrypt them while they are at rest. Although it is important to stress that [Cellebrite] did not confirm that intercepted messages between two Signal users can be decrypted.
A Cellebrite spokesperson noted that they work “tirelessly to empower public and private sector investigators to find new ways to speed justice, protect communities and save lives.”