[HN Gopher] No, Cellebrite Cannot "Break Signal Encryption" ___________________________________________________________________ No, Cellebrite Cannot "Break Signal Encryption" Author : hprotagonist Score : 457 points Date : 2020-12-23 18:27 UTC (4 hours ago) (HTM) web link (signal.org) (TXT) w3m dump (signal.org) | cgb223 wrote: | It's shameful that one of the worlds best journalistic sources | didn't even bother to reach out to Signal to get comment on a | story they ran about them | | I feel like a lot of today's mistrust of news stems from | publications not verifying sources, or checking evidence, or at | least scrutinizing what others are saying. | | Wish we could fix that | will4274 wrote: | Additionally shameful: - they haven't printed a retraction yet | - the technology reporter in question doesn't understand the | tech well enough to recognize the error, even when somebody | states it explicitly (https://mobile.twitter.com/janewakefield/ | status/134141965721...) | travmatt wrote: | I'm just as concerned about: > According to one cyber-security | expert, the claims sounded "believable". | | One anonymous source at the topic of the article that bolsters | the claim, then all the experts who were willing to attach | their names to their words all temper the articles claim are | towards the end of the article. | Brian_K_White wrote: | A post on the 2600 group on fb said "seems legit". | lemoncurd wrote: | i have more faith in the onion than bbc, they are from the best | newspaper | pirocks wrote: | The BBC isn't a newspaper. | lemoncurd wrote: | man i dont care about your technicals | zepto wrote: | The onion is | DaniloDias wrote: | It isn't shameful. It is yet another indicator that the | journalism industry is creating the intellectual equivalent of | Animal Crossing. | | It's a time waster that entertains- not a reflection of truth. | How could any business be considered "the best" in its field | and create such a shitty product? Simplest explanation: they | are not trustworthy and never were. | Erlich_Bachman wrote: | This is not due to incompetence. This is done with the | objective to influence the public opinion of cryptographic | tools so that people will stop using them. The system has no | way of actually breaking encryption, that's why it is | focusing on the other ways to circumvent it - one of them | being making most people (non-experts) believe that it | doesn't work anyway so they will stop using it. | | This is a focused campaign, this is not just random occurence | of incompetence. | pvg wrote: | _This is a focused campaign_ | | What's the evidence for this? | ffpip wrote: | BBC article states "BBC has contacted Cellebrite and Signal for | comment" | | https://www.bbc.com/news/technology-55412230 | buran77 wrote: | The Signal blog post says from the beginning that: | | > Since we weren't actually given the opportunity to comment | in that story | | So it may just mean they were not given enough time to | respond before publication, or even that they were contacted | post-publication. In the race to front page "breaking news" | the responses are expected to be published as updates to the | story. | kerng wrote: | Yeah, all that is needed is to send a quick email to a | company, then publish. There are no standards for how long | one has to wait. | | I imagine this is quite common behavior with journalist | when they want "breaking news" | judge2020 wrote: | How and when they contacted cellebrite/signal is important, | but even when you see "refused to comment" there really isn't | a timestamp for when contact was attempted/initiated. Is | there a reason for this? | toby- wrote: | And the original blog post by Cellebrite _does_ claim to have | 'cracked' the encryption, doesn't it? So the BBC's headline | isn't exactly inaccurate. | kortex wrote: | So what? There's plenty of dubious blogs claiming all | manner of things. The actual accomplishment isn't | noteworthy (they wrote a scraper). If it _were_ encryption- | breaking, it would indeed be noteworthy, and thus worthy of | fact-checking or at least waiting for Signal 's rebuttal of | "lolwut, no, that's nonsense". | | "Accuracy" is moot here: BBC's headline is misinformation. | [deleted] | upofadown wrote: | No, it didn't. It specifically stated that access to the | Android keystore was needed to get at the stored Signal | data. | AsyncAwait wrote: | There's a blog post claiming the Earth is flat. Would the | BBC publish an article on it outside of satire? | mikece wrote: | There is a thin line between modern journalism and click-bait | ad farms. | SoSoRoCoCo wrote: | > I feel like a lot of today's mistrust of news stems from | publications not verifying sources | | First, a nitpick: that is a thought not a feeling: you didn't | state how it made you feel, you stated an idea. | | Moving on... That's not why people mistrust the media. They | mistrust the media because they are told to by politicians | seeking to discredit journalism and control the narrative. | NateEag wrote: | I approve of your nitpick. | | I am a counterexample to your main point. I distrust most | media sources because I've not once seen one present | rigorous, transparent, verifiable research about a current | event of interest to me. | | I think I've seen every media source I've followed get | significant facts wrong about things I know well. | | I try to fight back against Gellman amnesia in my own head. | SoSoRoCoCo wrote: | > I distrust most media sources because I've not once seen | one present rigorous, transparent, verifiable research | about a current event of interest to me. | | "Because I've never seen it, clearly it does not exist." | Brian_K_White wrote: | "I have no reason to believe this, but it clearly must | exist" | | That's called faith and religion. | | You cannot rationally make decisions based on anything | other than what you know and have seen or can reasonably | project from there. | | IE, I can't see an atom with my eyes, and I can't | duplicate all the research of history myself, but I can | see some things with my eyesb and I can duplicate some | research myself, and I can follow a reasonable, logical, | defensible chain of trust from what I can directly prove | to myself, to proofs I can accept indirectly, and | distinguish those from fairy tales. | ksdale wrote: | Double nitpick: People often colloquially use "I feel like" | in place of "It is my opinion that" and it doesn't even | strike me as literally wrong to describe an opinion as a | feeling... | | And do you think this episode is evidence of trustworthiness | on the part of the BBC? | | I agree with you that politician sow distrust, but poorly | researched pieces are the fault of no one but the | journalists. | Brian_K_White wrote: | I don't think it's reasonable to conclude that there is no | influence directing the overall thrust of stories, choosing | which stories or which versions of stories, or which | writers get published, any more than to conclude that every | single story was scripted by the Illuminati or the | Rothchilds. | | We HAVE seen enough evidence to know that much just by | tabulating stats and things like that John Oliver bit | showing all the tv news stations using the exact same | supposedly off the cuff remarks. | andrepd wrote: | Related: the Gell-Mann effect. You read a newspaper story on a | topic about which you are knowledgeable, and get mad at how | _wrong_ they 've got everything. Then you turn the page and | read the next story, on which you are not an expert, and take | it at face value. | alisonkisk wrote: | Nitpick: Its Gell-Mann amnesia, Michael Chrichton's name for | Murray Gell-Mann's amnesiatic behavior, not an effect | discovered or promoted by Gell-Mann. | tptacek wrote: | It's not a nitpick. The "Gell-Mann" in the name elevates a | novelist and pundit's ideas to those of a Nobel physics | laureate. It's worth pointing out! | | It's also a frustrating argument. What does it actually | say? "Journalists are often wrong". No shit! That's why | it's called "the first draft of history". Meanwhile, | everybody is often wrong. But we don't have a "Djikstra | amnesia" to describe all the times we fall short of the | ideals of our own discipline, but forget about that when | holding other people to our notional ideals of their | disciplines. | gweinberg wrote: | It's not that journalists are often wrong, it's that | journalists often say stuff that is obviously wrong to | anyone who knows anything about the subject. And that | indicates sloppy investigation, like not contacting | Signal before reporting this story. | kasey_junk wrote: | The question is are they more wrong than any other | segment of the population that writes for consumption? | | Journalists, unlike say bloggers or marketers or think | tank authors or pundits, have a fairly robust | ethics/rules system about how to publish. Does it fail | them at times? Of course, but do they fail at a higher % | than other outlets? | | I've never seen any actual evidence to suggest that. That | there is a pithy quote from a Nobel prize winner isn't | interesting. | jancsika wrote: | I propose to refer to facile references to "Gell-Mann | Amnesia Effect" here on HN as the "Gell-Mann Amnesia | Affectation" | a1369209993 wrote: | > But we don't have a "Djikstra amnesia" to describe all | the times we fall short of the ideals of our own | discipline, but forget about that when holding other | people to our notional ideals of their disciplines. | | Perhaps we should? | | (And then, of course, someone can post: | | > Nitpick: Its Djikstra amnesia, tptacek's name for | Edsger Djikstra's amnesiatic behavior, not an effect | discovered or promoted by Djikstra. | | when it eventually gets rounded to "Djikstra effect".) | renewiltord wrote: | The strongest interpretation of the idea expressed by | Gell-Mann Amnesia is "You set your posteriors to be | different from your priors based on journalism more than | you should be and you do not alter this difference upon | seeing evidence that should indicate imperfection in | journalism". i.e. it warns you that you are likely over- | weighting journalism. | | Fortunately, most journalism is useless for information | transmission and likely rarely alters behaviour - the | latter having been chosen first with the journalism being | used as justification. To that degree, the fact that most | journalists are usually low quality information sources | is not particularly dangerous since you never use them to | do anything different from what you'd do. | zepto wrote: | That's because of the Bader Meinhoff phenomenon. | ben509 wrote: | Crichton expressly noted that he picked the name ironically | because people would implicitly trust it if he named it | after Murray Gell-Mann. | worik wrote: | "Gell-Mann effect" I had never heard of it. Looked it up. | Thank you. I especially love the way it is named... | krastanov wrote: | I like this meme, it is fun and so on, but I have to admit, | it is not really a thing: I am a professional physicist and | journalists at respected outlets are pretty good. NPR, PBS, | NYT all do a pretty great job at science journalism. More | often than not the rare complaints from professional | scientists are more self-aggrandizement lacking awareness of | the pedagogical constraints of popular press. | harry8 wrote: | You lost me at NPR do a pretty great job at science | reporting. In fact they are a punchline to the joke about | how incredibly bad science reporting can be. | | https://statmodeling.stat.columbia.edu/?s=Npr | jeremysalwen wrote: | https://statmodeling.stat.columbia.edu/2016/05/05/npr- | bites/ | | > In all seriousness . . . | | > I have no problem with NPR. NPR is great. That's why | I'm bummed when it falls for junk science. | Matticus_Rex wrote: | In my circles this gets me into arguments all the time. | Everyone reads a book, everyone but me likes it. I point out | how one section I know a lot about is deeply wrong, everyone | else says versions of "well other than that part it's a great | book!" | | I wish LW-style rationalist circles didn't attract such | obnoxious people, because I don't know of any other | collection of people who recognize and try to adjust for | things like this. | jancsika wrote: | > I point out how one section I know a lot about is deeply | wrong, everyone else says versions of "well other than that | part it's a great book!" | | Sometimes books about magical properties of crystals get | their geology right. Sometimes they get it wrong. | | If I apply your superficial filter I essentially give up my | ability to convey the difference to your friends. | | If I ignore your filter and pay attention to the _entirety_ | of each book, it 's trivial for me to help them separate | wheat from chaff. (Or at least chaffy-wheat from pure | chaff.) | renewiltord wrote: | Considering that Matticus there knows about LW and | Rationalism, it seems obvious he isn't saying to zero out | your coefficients. | | Imagine I give you a dictionary purporting to contain | descriptions of the referents of the following words: (I | assume you know what a sprint is, but not a bilparyoti or | a zambungar) | | * sprint - to run at a rapid pace for a short distance | | * bilparyoti - a kind of bright blue butterfly, found in | Congo-Brazzaville | | * zambungar - a muddy colour, specifically that created | when a landslide enters a clear river | | Now, based on knowing that 'sprint' is 'correct', what is | your probability, posterior to being supplied the | dictionary, that you know what a 'bilparyoti' references? | | Now, imagine that I tell you that the 'bilparyoti' is | wrong and you are able to be convinced that the | 'bilparyoti' is wrong. Is your prior for the accuracy of | the 'zambungar' reference the same as the posterior after | being supplied the information about the 'bilparyoti'? | | Matticus, there, presumably laments the fact that the | zambungar accuracy probability has not moved. Rationally | it should move towards zero. By varying amounts, | certainly, but towards zero. With his friends, | P(zambungar_correct | bilparyoti_wrong) = | P(zambungar_correct|bilparyoti_unknown), truly a | situation worthy of wailing and gnashing of teeth. | Matticus_Rex wrote: | Thanks for putting waaay more effort into that response | than I would have haha | renewiltord wrote: | Most definitely a great deal of akrasia involved there on | my part. | nerpderp82 wrote: | Perhaps we should reframe how we approach new knowledge? | | "That was a super interesting book, it brought up lots of | ideas and explanations, lets discuss what parts if any we | think are true." ! | | Folks call out information and facts as fake news, not | apply healthy skepticism but a rejection of all knowledge | and then at the same time falling for hoaxes. | | The whole country needs to take a gap year and learn the | scientific method. | alvarlagerlof wrote: | They are actually extremely rigorous about this in lower | Swedish education. Source criticism is part of the | curriculum. It becomes evident how much of a difference | it makes when comparing the behavior of the elderly | population at large (were only those who went to | University have been thought it) to those who have had | this from the start. | drivebycomment wrote: | It can be perfectly rational to conclude a book is great | despite there's a flaw in some part. | | You can't simply extrapolate from finding one mistake in a | book to declaring the whole book wrong. Likewise, you can't | extrapolate from finding few bad publications to | "everything is crap". I'm not trying to claim journalists | are all good or even consistently good. But believing they | are always bad is the same logical fallacy as believing | they are always good. | Brian_K_White wrote: | I don't think it's rational unless and until you or | people who are knowledgable in all other topics covered, | can assert that the other parts all check out. | | If you can only check one thing and it's wrong, then it | is entirely and clearly irrational to assume that | everything else is correct. | | It's not fully defensible to assume that it's 100% wrong | either. Just by plain statistics you may assume almost | anything must have some correct portion. | | What's rational is to make as few assumptions as | possible, and where guessing or informed guessing is | necessary, use only the information you actually have. | That means back to the beginning, if you can only | evaluate one part, and it has a many errors, then that is | the only thing you can use to make any assumptions about | the rest, unless and until you get actual credible | assertions about the rest from someone else who are | themselves credible in that domain. | Smaug123 wrote: | It's not "believing they are always bad". It's "being | unable to determine whether they are good". If you simply | don't know enough to evaluate a source, it is _correct_ | as a matter of epistemology to view its contents with a | large dose of suspicion. Any historian will tell you | this; a pretty sizeable aspect of the study of history is | the weighing of sources, working out why they said what | they did, what they 're not telling you, and what they're | wrong about - because every source is incomplete, biased, | and contains simple factual errors. I might sit back from | a book and go "wow, that was good", and it's possible for | a book to be "great but wrong" - but I can only | reasonably conclude that a source's contents are correct | if I have got more evidence for its thesis than just that | one source. | | So the situation is bad enough when I am encountering a | new source. But if I'm already familiar with a source, | and it's consistently wrong about the things I know, then | I can only be _even more_ suspicious of everything else | they say; and sadly, an awful lot of publications do fall | into that category. Finding a mistake in a book _does_ | make it more likely that it contains other mistakes, and | it _does_ make any given fact in the book more likely to | be wrong. | ben509 wrote: | The claim isn't really that the book as a whole is | necessarily good or bad. It may be expressed as such, but | Crichton was talking about the habits of readers. | | Determining whether a source is trustworthy is an ongoing | process: you're seeing one portion where you have some | expertise or evidence and then another portion where you | don't. You have to extrapolate from what you can validate | to whether what you can't is valid. | | The complaint behind Gell-Mann amnesia is that we're too | quick to dismiss clear evidence that a source is | untrustworthy, that we have a bias towards trust. | | To put it in perspective, let's imagine the opposite, | call it Crank Awareness. If you see a document and it's | laid out poorly, uses weird boldface, all caps, colors | and blinking text, you'll, at the very least, get the | impression it's written by a crank before you even start | reading. | | > But believing they are always bad is the same logical | fallacy as believing they are always good. | | Again, this comes back to the problem of strict logical | reasoning vs. treating trust as a larger process. We have | limited resources to evaluate sources, so we're stuck | making fallacious generalizations when we need to make a | decision based on our sources. What we want in the long | run is to incentivize authors to exercise care and | diligence. | | That would indicate we should punish known bad | information by deprecating the authors. So another way of | reading Gell-Mann amnesia is that readers aren't doing | this. They're seeing stuff that they know is wrong and | continuing to patronize the publications regardless, thus | authors can be untrustworthy and still collect a | paycheck. | eckesicle wrote: | They're not talking about extrapolating from one mistake | though. They're talking about drawing one observation | from a population of an unknown distribution. At that | point that single observation the only estimate of the | quality of the entire book. If you decide to not sample | further (that is find other chapters in the book of which | you are an expert) then the conclusion that the book is | trash is the only rational one. | | (If you want to read more about this then google "single | observation unbiased estimator") | drivebycomment wrote: | > If you decide to not sample further (that is find other | chapters in the book of which you are an expert) then the | conclusion that the book is trash is the only rational | one. | | That's exactly the wrong kind of extrapolation I'm | pointing out. If you found a flaw in one chapter, the | book _can_ be trash, and the chance of it being trash is | definitely higher than without any other data, but | whether the absolute chance of it being trash is | sufficiently high enough can only be determined based on | the nature of the flaw, and even then, the confidence for | that conclusion can 't be really that high. | Matticus_Rex wrote: | I'm not suggesting that one declare the whole book wrong. | I'm suggesting the book should be treated very | skeptically. | ufmace wrote: | This seems like something different to me. Most books, TV | shows, movies, etc that do anything with technology above | the most basic level usually get at least one thing | incredibly wrong. It's not necessarily a deal-breaker | though - almost all stories are written to present and | advance an interesting plotline, and almost all of them | gloss over various inconvenient realities for the sake of a | better story. Consumers can usually suspend their disbelief | and accept the story for its own sake. | | Problems only really come in when ignorant people read too | many stories and start to think that how they present | things is actually real. And some people who know a | particular area very well may find whatever the story does | too patently absurd to suspend disbelief. | Retric wrote: | Rationalist circles make just as many horrific logical | errors. If you want to dig into this stuff philosophy has | dug deep, and frankly all they came up with is all sources | should be treated as suspect. Aka, even if a source got the | stuff you know about right, you should still be be | skeptical. And yes, that includes purely logical reasoning | about math. | | It's not a satisfactory answer, but -\\_(tsu)_/- | Matticus_Rex wrote: | I have bad news about philosophy circles; I agree that | some philosophers have dug deep, and most people in | philosophy circles (even those who have read widely) are | much worse at this than the LW folks. | | (I found LW/rationalism through philosophy circles, | incidentally) | Retric wrote: | There's got to be a joke about the discovery that nobody | has a clue failing to generate experts who realize they | don't a clue. | | Sadly, I am not a comedian. | jdsalaro wrote: | > Rationalist circles make just as many horrific logical | errors. If you want to dig into this stuff philosophy has | dug deep, and frankly all they came up with is all | sources should be treated as suspect. | | Sharing some anecdata, because I enjoy when others do. | | I've got some very dear friends born in a highly | prescriptive culture where credential-ism runs deep, | being an intellectual is extremely valued -people are | often denied leases due to their non-academic status- and | authority figures and strangers get the "Mrs." and "Mr." | treatment for years after you've met them. Early on in | our friendship we would discuss and rant about everything | and anything. We would often talk about my attitude of | trusting no one and how I believe there are, truly, no | experts, in the colloquial sense of the word. We've often | had late-night discussions about my "stubborn and deeply | misguided attitude", about how it's wrong that the only | experts I trust are those who deeply distrust their own | abilities, instincts and continuously attempt to disprove | their own claims. | | Shockingly, they defended the aforementioned views until | many of their countries top virologists and they | themselves, often and loudly, shared their opinion on | covid-19 around March, April and May: covid-19 was | nothing special, national mortality trends were | unaffected, their country is rich and they had a high | number of ICUs, it was basically just like the flu and | nothing to worry about. Then, as we all know, shit hit | the fan and we saw cooling trucks being turned into | mortuary vehicles. I simply told them what I've always | told them, and for the first time since we're friends | they nodded with some sadness in their demeanour: trust | no one, acquire evidence, make your own judgments, try to | find hidden risks and the only so-called experts worth | trusting are the ones who, in their own words, publicly | and candidly express their skepticism towards their very | own claims and try to help you reproduce their methods | and conclusions. | Enginerrrd wrote: | What is an "LW-style rationalist circle"? | [deleted] | tialaramex wrote: | I assume LW here stands for Less Wrong as in | https://www.lesswrong.com/ | ScoobleDoodle wrote: | LW seems to stand for Less Wrong: LessWrong (also written | Less Wrong) is a community blog and forum focused on | discussion of cognitive biases, philosophy, psychology, | economics, rationality, and artificial intelligence, among | other topics. | | https://en.wikipedia.org/wiki/LessWrong | gsich wrote: | Or the opposite happens. | [deleted] | AnonC wrote: | When I read the original blog post by Cellebrite, which is on | archive.org [1], it left me scratching my head too. Signal is | open source. They had access to the device to dump everything. | Then they went through the source code to figure out how to | decrypt the data. Just as this blog response says, they could've | just opened the app and retrieved the contents (and even | forwarded that to another device if they wanted). | | So someone enthusiastically posted about wasting their time as if | it was a technological achievement. Then someone (else?) realized | that the long technical post sounded stupid and had it replaced. | | And some people wonder where their tax money goes to -- all these | companies who are better at marketing themselves well as experts | are getting free lunches! | | [1]: | https://web.archive.org/web/20201210150311/https://www.celle... | TearsInTheRain wrote: | Are there any real checks on government spending? | enkid wrote: | I mean, law enforcement has a budget just like anyone else. | They can't just make up money, unlike a national bank. | segfaultbuserr wrote: | > _Cracking The Code_ | | > _[...] Once the decrypted key is obtained, we needed to know | how to decrypt the database. To do it, we used Signal's open- | source code and looked for any call to the database. After | reviewing dozens of code classes, we finally found what we were | looking for_ | | > _[...] After linking the attachment files and the messages we | found that the attachments are also encrypted. This time, the | encryption is even harder to crack. We looked again into the | shared preferences file and found a value under | "pref_attachment_encrypted_secret" that has "data" and "iv" | fields under it._ | | Today I learned that I can do code cracking too... | wnevets wrote: | is the equivalent to calling oneself a lock picking expert | because they had the actual key to the lock? | segfaultbuserr wrote: | After opening the cabinet and the box with money we found | is also locked. This time, the lock is even harder to | crack. We looked again into every single coffee mug and | bookshelf in the room, and found a keychain hanging on the | second office desk drawer, that has the "key" on it... | dwiel wrote: | I needed to get into my office so I asked my boss for a | key. She gave me an entire key ring of keys. After trying | dozens of keys against my office door I finally found the | key that worked. | segfaultbuserr wrote: | It's actually how you decrypt an anonymous OpenPGP | message (e.g. in GnuPG, you can create one using --throw- | keyids or --hidden-recipient) - Normally an OpenPGP | message records its intended recipients in the header, so | GPG knows which key to use right away. But when the | message is anonymous, GPG must try all the private keys | in the keyring one by one, until it sees a valid solution | or fails. If you have multiple private keys, you'll go | through many passphrase popups (and smartcard/USB | swapping), the struggle is real! | tialaramex wrote: | Trial decryption. This is a potential server behaviour | for Encrypted Client Hello (the current iteration of the | work to encrypt SNI in TLS traffic) too | | ECH will be GREASEd. To prevent those who might want the | capability to stop ECH in the future from getting a head | start while it's uncommon, implementations would always | pretend to be doing it anyway. | | So talking to any TLS server, even one that has no idea | about ECH, the client says basically "Hi, here is a | normal unencrypted TLS 1.3 Hello message for | this.server.example, also, here's an Encrypted Client | Hello message". If the server actually does offer ECH, | there could be a real Client Hello, perhaps addressed to | another.server.example, encrypted inside the Encrypted | Client Hello, but if not there's just random noise. An | eavesdropper doesn't have the key, so they don't can't | tell which is the case. | | Obviously if your server can't do ECH, the Encrypted | Client Hello is just a mysterious unintelligible | extension with noise inside it, no further inspection | needed. | | And in some setups the server knows how to tell easily | which key would have been used for any valid ECH, so if | that key doesn't work then it was just noise, and can be | ignored. | | But in other cases the server knows two or more keys that | might be valid, yet the client either can't or has chosen | not to be open about which (if any) was used, so the | server has to try them all until it finds out. | | This is Section 10.4 of the current draft: | | https://tools.ietf.org/html/draft-ietf-tls- | esni-09#page-28 | segfaultbuserr wrote: | Great comment! Thanks for telling me that ESNI is more | interesting than I thought. /me TODO: read the ESNI spec | from cover to cover. | arthurcolle wrote: | What's it like to be an elite hacker? | stouset wrote: | Having the actual key to the lock, then using that to | specially craft a pick made in the exact same shape and | size as the original key. And then using that to "pick" the | lock. | | So maybe more like the person who works the key cloning | machine at the hardware store. | throwaway744678 wrote: | Only if you can review _dozens of code classes_ , that is. | segfaultbuserr wrote: | grep is now an evil code cracking tool. | sequoia wrote: | Don't tell the FBI this, they won't know you're joking | (see schwartz, manning, & wget). | PeterisP wrote: | "they could've just opened the app and retrieved the contents" | is not really sufficient. | | First, doing it manually through the app is not okay since it | does not scale, you don't want to read a message, you want to | retrieve and index all messages, and you might want to process | many devices quickly. | | Second, apps usually do not show the user all the information | that's available - often there is extra metadata (which may be | as important as the message contents) so you do want to decode | the actual message database. | | Third, doing it through the app might change things - the app | may change state (for example, mark an unread message as read), | send some notification to central servers, alter metadata, etc. | So it potentially disrupts evidence, and that's not okay. | | So the original blog post from Cellebrite makes all sense - if | you do want to do forensics, then a tool that does all that is | really a requirement, it's not wasting time. | smsm42 wrote: | As a forensic tool, it surely does, and such tools are both | common and have their robust client base. I think the mistake | in that article was to present a forensic tool as some kind | of advanced code-breaking. I guess it sounds more exciting | this way, but also kinda misleading - which is witnessed by | the fact that BBC was totally misled about it. | aurelianito wrote: | You can make a copy before opening the app. | woodruffw wrote: | I agree that both the original post and the media coverage of | this is extremely misleading. | | > So someone enthusiastically posted about wasting their time | as if it was a technological achievement. | | I think there's plenty of value and achievement in | understanding a program's functionality, even when the source | is fully available to you. | | We all (presumably) agree that source code _isn 't_ self- | documenting and that understanding someone else's work usually | involves a lot of individual comprehension and context; I read | this blog post as someone (diligently) describing their mental | process as they tried to understand Signal's internal formats. | As others have pointed out, there are oodles of "legitimate"[1] | reasons for doing so. | | [1]: From the perspective of LEO and the legal system, anyways. | thedanbob wrote: | I agree as far as the content of the article is concerned. I | think the main problem with it was its tone. I think if they | had approached it the way you described, someone just going | into detail about how they analyzed an unfamiliar | application, it would have been fine. As written, it feels | like a new programmer bragging to his friends about how he | got "hello, world" to compile. | javajosh wrote: | _> wasting their time_ | | I agree with your post, except for this. It is NOT a waste of | time to assert, once in a while, your power to examine, | extract, and change anything running on your device. | zenexer wrote: | > anything running on _your_ device | | Cellebrite isn't meant for use with devices you own; it's | meant for use with devices seized by law enforcement. I'm not | so sure that qualifies here. | alisonkisk wrote: | Using an example of hacking into data that is already | directly available is silly. | | It would be interesting if they did that to something | restricted, like a Netflix movie. | segfaultbuserr wrote: | +1. If what they were working on was not Signal but some | proprietary applications (possibly with DRM), the hilarious | blog post on their "code cracking" effort can actually be a | legitimate one. In principle, the process is the same - | break into something when you are root already. The only | difference is the challenge of code obfuscation - which is | a real one, unlike Signal. | yorwba wrote: | Exactly. I've so far decrypted my own messages from two | different apps because I needed some specific information | that would've been too hard to find without RegExp-capable | search. In both cases I was glad to find guides online | explaining how to pull the database, get the decryption key | and decrypt the database with the key. | | It may seem trivial from a security perspective since it | doesn't involve breaking any cryptography, just using a | decryption key as intended, but in practice the ability to | get a plain-text dump of all messages is very useful. | modriano wrote: | In the usecase I'm particularly familiar with (law enforcement, | specifically of violent crimes), it's pretty valuable to | minimize the amount of manual data handling investigators have | to do. The State's Attorneys office/US Attorneys | office/Prosecutor's office have finite resources and have to be | selective about the cases they decide to spend resources on. | Even if the correct suspect(s) has(have) been identified and | arrested, the case can be rejected if the decision-making | prosecutor thinks the evidence isn't strong enough or defending | the evidence will be too difficult because evidence collection | was done in a nonideal way. It may be possible to forward | Signal messages to another device, but A) that just adds more | links in the chain that can be challenged, and B) most | detectives don't know that's an option or have any idea how to | do it, so you'll regularly see sloppy stuff like photos taken | by the detective of a phone displaying the messages of | interest. | | It's just a lot easier for the investigator to just plug the | phone into a Cellebrite UFED analyzer and extract as much as is | covered either by their search warrant or by the signed consent | form of the phone's user(s), and it's a lot easier to defend in | court, as it eliminates room for accusations that investigators | cherry-picked messages and data that look incriminating out of | context. | | TL,DR: Even if it's not an impressive feature technologically, | it's still a valuable feature to some of Cellebrite's main | customers. | exikyut wrote: | Ever since I learned Facebook greenlit "Signal is awesome, were | using it" I've been trying to headscratch _why_. Then I realised | WhatsApp had kicked the whole thing off years ago and got even | more confused. _Why do you want to encrypt everything??? It makes | your life harder. It makes cooperating with law enforcement | harder. It means legitimate users can 't recover their messages. | It means you can't do fun things with analytics, which is | extremely contentious but concedably valuable. So, why??_ | | I think I've figured it out. A tiny little bit of it, anyway. | | Imagine you're a multi-million (okay, multi-billion) dollar | communications company. You're WhatsApp. Apple (iMessage). | Facebook. Google (RCS). | | _You store trillions of messages._ | | In those _trillions_ of messages, _you are going to have the | statistical >100.00% guarantee_ that there are chats and | conversations between individuals and groups that would launch | World Wars 4 through 16 if certain other individuals, groups, | governments and so forth were to learn/verify that A did really | say <thing> to B. The nuclear launch codes don't fit in a | football anymore. | | I have no hope of ever confirming the validity of that Bloomberg | article about the alleged Supermicro hack. But it seems "well | duh" simple enough to be concerningly plausible (custom silicon | packaged in WLCSP or SC70, bit-twiddling SPI? Too easy... :S). As | a technically-flawless plausibility, I say it can serve as a | concrete reference example of a fraction of the persistent, | sweeping, ruthless, and terrifying scale of the super-industrial, | Eye Of Sauron-style attacks that these companies have very | obviously been facing for some time now. | | So, my possibly-not-really-a-conspiracy-theory-since-the-pieces- | come-together-without-fantastic-levels-of-extrapolation theory | is, someone stumbled on an idea one day, maybe in a stuffy | committee meeting, or maybe in a bar, _to solve the problem by | giving the people what they wanted_... end-to-end encrypt | everything... and go from encryption at rest, which is basically | nothing, to encryption everywhere; and you instantaneously divest | the massive, massive burden of owning _all that readable data_. | | True, now "accidentally" forgetting the `s` in backend URLs | doesn't let the NSA read everything anymore, but that kind of | pales in comparison to being able to _incontrovertibly, | mathematically prove_ that, since the data really is encrypted | before it leaves the device, there really is no chance any | readable plaintext is leaking and potentially being stored; so if | the nation states would kindly take stock of this situation and | point the coherence death ray beams elsewhere that would be great | since we are kind of on fire here at the moment and it 's too hOT | we are meLTING-- | | Getting this to catch on was obviously difficult. Anybody that | can scare multi-billion dollar companies obviously has the skill | to steer collective opinion and impression at scale. Whoever came | up with the idea to piggyback on top of individual privacy is... | a task-focused genius, I'll put it that way. On the one hand, the | idea has scaled beautifully: all the tech folks have gone "Is | private. Respects freedom. Og like." and loudly pushed for the | idea everywhere they can. And from a sociopolitical perspective, | the narrative is faultless and blameless, which is where the | genius definitely shines through. | | The first bit I can't say I like is the narrative appearance of | first-class support for end-to-end encryption as a Scientific | Advancement(tm). It's not. It's an implementationally-scoped, | crowd control spin campaign to increase datacenter security | beyond what disk encryption at rest can ever achieve. The scale | of wreckage in the form of technically minded people who really | believe the privacy narrative is disillusioning to see. | | The other bit that I find unamusing is the long-term shifts in | the attack landscape that will result from this. Specifically the | fact that, an Eye Of Sauron style adversary is not ultimately | going to care what their attack target is, or how to attack it, | only that it gets vaporised. _End-to-end encryption shifts the | burden of responsibility to the owner of the server to the owner | of the client_. I can see the positive angle here from a think- | tank standpoint - literal decentralization as a defence strategy | - but still, Android /iOS are now the focus of some laser beams | that were terrifying a bunch of rather large companies. Maybe | it'll seem reasonable to heavily fund the vulnerability research | scene to maintain a favorable status quo, and we'll see some | impressive hacks going forward (or, er, we won't). Or maybe | things are already "that bad" and I don't have anything to worry | about. But considering that users are now that much more | responsible for devices that are interesting in a way they were | never before, this whole strategy kinda feels irresponsible to me | if you squint at it from a certain angle. At the same time, it | might ironically be ensuring our survival. | | In this picture, law enforcement really is the afterthought. It's | well known the law court system doesn't understand technology and | is 20 (40? 50?) years in the past. That situation extends beyond | the courts though, with law enforcement generally in the same | position. But it's worse than it may at first seem, because the | notion of "the past" that refer to a collective public | interpretation of "now" doesn't do justice to the technological | development that has happened at these companies over the last | 5-10 years - these private companies are internally fighting | battles of a complexity that the public law enforcement system | cannot hope to comprehend, let alone help with. | | In this fight, the best way to avoid World War 4 is to encrypt | everything. But Washington is still getting over how cool they | handled the Cold War, and the police still think it's "hard" and | "complicated" and "special" to "hack phones". | [deleted] | radoslawc wrote: | If reason for that blog post was to get famous. Well I'd day | mission accomplished. I haven't heard about Cellebrite before. | e12e wrote: | > [Cellbrite] is not magic, it is mediocre enterprise software. | | <3 | rapsey wrote: | > If you have your device, Cellebrite is not your concern. | | But if the attacker has a 0day, which likely all the big players | do, they don't need your physical device. Which means signal will | do squat to protect your data in that case. | richardlblair wrote: | Yes, this is true for literally anything. All you just said is | "If your device is compromised your device is compromised". | That's not profound. | rapsey wrote: | It is when the vast majority of users relying on Signal | security, sometimes with their lives, do not know that fact. | croes wrote: | If anyone has access to your device, your data can't be | protected, don't matter if physical or remote access. The | attacker could simply log all your passwords, so there is | nothing signal nor any other software could to. | londons_explore wrote: | And more importantly, any software which claims to have | "antimalware" or "anti-rootkit" or similar techniques is | snake oil... | | Above using the platforms secure storage for secrets, there | is nothing more an app should do. | edm0nd wrote: | All nation-state governments are just buying 0days from | companies like NSO Group and Zerodium. | | The question is are you a valuable enough asset that they are | gunna burn their $50M 0day just to get your device. | | I think Signal is pretty safe from such things. Better than for | example Whatsapp. Which seems to be where a majority of these | nation-states using their 0days and exploits on. | rapsey wrote: | > All nation-state governments are just buying 0days from | companies like NSO Group and Zerodium. | | USA/Russia/Israel for sure have these programs. | | > The question is are you a valuable enough asset that they | are gunna burn their $50M 0day just to get your device. | | You are at least an order of magnitude overshooting the | price. Also what is the percentage of Android phones not on | the latest security patches and pretty much wide open for | known 0days? For sure 90%+. | | This tech is available for anyone with enough money, there | are plenty of bad guy rich people. An actual investigative | journalist can easily make an enemy of a rich person. | | > I think Signal is pretty safe from such things. | | You base this information on what? If someone is executing | code as root on your phone they can absolutely use the method | describe in the Cellebrite article. | richardlblair wrote: | If someone has gained root you're done. Every application | must be assumed to be unsafe at that point. This isn't | news, and it doesn't mean signal is broken. | Technically wrote: | What app can withstand attack from a rooted process? | Erlich_Bachman wrote: | Good luck finding a messenger app that can help you when | "they have root access to my phone" is in your threat | model. Not sure what you expect Signal to do about this... | grumple wrote: | Are there not any apps that do this? I notice that signal | unlocks when you unlock the phone; are there not e2e | messaging apps that require authentication (whether | passcode or biometric) on unlocked devices? | | Just checked, Signal has this; does this actually serve | to unencrypt the encryption key or is that still | accessible as root? | Technically wrote: | It doesn't matter. You wait until the user auths and | sniff the plaintext password out of memory. Root = game | over. | rapsey wrote: | > Not sure what you expect Signal to do about this... | | Be upfront about it. The vast majority of their users, | even those who should know better do not realize this. | | 0days are not that expensive. Within reach of practically | any bad guy really. | | They are highly proud of Snowden recommending them. But | anyone operating on the level he did is a moron to trust | Signal. So what the fuck? | roywiggins wrote: | If you're worried about dragnet surveillance- which is a | large proportion of what Snowden revealed- then Signal is | not a bad thing to recommend. | | There are no apps that resist the phone being rooted. | Everyone is vulnerable to 0days _by definition_. | SVFafgg0t wrote: | I wonder why noone makes a 'no root system' su root NO su | no YES. | | so you're user YES, which is NO-root, but YES | | rm -rf / | | Great Sucess. | | NO or NON root system, it seems like a marketable | gimmick. | | Must be up your people's ass. | rapsey wrote: | > There are no apps that resist the phone being rooted. | Everyone is vulnerable to 0days by definition. | | I don't know why everybody is repeating this as if I | somehow don't understand that. My point is Signal is | promoted as some sort of panacea by security | professionals even though all that security can be | bypassed, likely routinely by actual bad guys. | renewiltord wrote: | I think the problem here is that you have misinterpreted | a recommendation that is using the median risk as a | recommendation that is using the p100 risk. Allow me to | correct that for you: security professionals are not | recommending Signal as protection against the p100 risk. | Hope that helps. | roywiggins wrote: | I mean that that Snowden specifically agitated about | dragnet surveillance, so it's not at all surprising that | he'd promote the encrypted messaging app that he thinks | is the most effective against it. | | Has he ever said that Signal is the end-all, perfect | solution that will prevent all kinds of threats and | provide perfect privacy? I am sure there is a lot of | sloppy messaging out there, but an endorsement along the | lines of "I trust Signal's encryption and that it's not | backdoored" is not unreasonable | NateEag wrote: | https://medium.com/message/everything-is- | broken-81e5f33a24e1 | pkulak wrote: | Unless you use disappearing messages and view-once media | messages like mentioned in the linked post. | roywiggins wrote: | Those features help against Cellebrite but not against actual | 0days which can read incoming messages in real-time. If the | NSO has a rootkit installed on your phone, it doesn't matter | that Signal is shredding messages after you read them. | Brian_K_White wrote: | This isn't a useful observation. | | A communication has many links in a chain. | | Some links in most chains will have some weakness or other. So | what? | | That does not mean that there is no value in the strong links. | | You might as well say "But if the attacker has a sniper, which | likely all the big players do, they don't need to read you | communications to get you, they can just shoot you from across | the street. Which means Signal will do squat to protect your | life in that case." | Justsignedup wrote: | Any time any encryption breaking has the words "well, if we can | retrieve the decryption key from the phone" and doesn't back that | up with a mechanism by which this is feasible, this isn't an | encryption breaking as much as it is "if i had an already | decrypted device, then man can i do cool stuff for you!" | elago wrote: | More clarification on the topic would be nice. When I open the | Signal app right now, I am nagged to "Create a PIN. PINs keep | information that's stored with Signal encrypted. Remind Me Later | / Create PIN". | | Would be interesting to know if an app specific PIN resists | cellebrite analysis. Screen unlocked, Signal PIN enabled. | mikece wrote: | While Signal's encryption is good, I don't like that (1) you have | to have a phone number to register, (2) it asks for access to | your contacts on your phone (3) you have to install the app on a | computer rather than being able to just use it through a browser. | For these reasons I prefer Wire... and you can log into three | accounts at once on the free tier. | angry_octet wrote: | Re your points: | | - (1) They are working on this, but it serves to limit spam, | and it is easily comprehensible by the non technical. | | - (2) You don't have to give it access, it works either way. If | does its best to only use this for finding which of your | contacts use Signal, rather than uploading the full address | book. | | - (3) client side crypto is supplied by the server, which | fundamentally is a big problem for a system like Signal. Until | web crypto is not a dumpster fire you can't do better. (I | personally think allowing the Electron app is a huge mistake | but it's their call.) | dylan604 wrote: | I found the original setup requiring a phone number off putting | as well. However, I'm not sure how much it is used. In my case, | I had a phone number that was used to set up signal. It was my | number at the time. I now have a new number, yet there is no | within Signal to update that number. It still shows the old | number in my settings. ???? Signal still works just fine for me | and all of my contacts | pkulak wrote: | Using only the homeowner's house key and extensive key-sliding- | into-lock reverse-engineering, I'm able to break into their home. | Whitepaper coming soon. | scrps wrote: | Don't forget a snappy and memorable name (suggestions: Lock0ut, | KeyMast3r, Tumbld) and the requisite domain name to accompany | it. | edm0nd wrote: | This is the LockPickingLawyer here and today I'm going to read | this whitepaper by pkulak | pkulak wrote: | Click out of one... | kvothe_ wrote: | Whoever wrote the article for Signal should be writing bars in | rap songs. Such a great article. I was laughing the whole way | through. The author manages to poke fun of Cellebrite and plug | Signal. | 1cvmask wrote: | Moxie of Signal has a great hilarious presentation on SSL at Def | Con 19: | | https://www.youtube.com/watch?v=UawS3_iuHoA | segfaultbuserr wrote: | Thanks for the link. Moxie's talk is better all the talkshows | I've seen, absolutely hilarious, how could I miss this one | before... | 1cvmask wrote: | Here is another great one where he ties American action | movies as narrative with secure communications: | | https://www.youtube.com/watch?v=tOMiAeRwpPA | tialaramex wrote: | That is a fun presentation, although the title is misleading | because it's 99% about the Web PKI which is orthogonal to SSL | (and TLS). TLS doesn't care at all why you trust these | certificates, if you want to trust certificates so long as the | public key contains the decimal digits 42069 that's fine. | | Even PKIX (the IETF's profile for X.509 on the Internet) is | orthogonal to TLS as designed, although in practice you're | creating a world of pain for yourself if you decide you do want | TLS but you don't want PKIX since the two have grown next to | each other for decades. | | Anyway, almost all of Moxie's talk is about the Certificate | Authorities in the Web PKI, and not about SSL/TLS per se at | all. It's about his attempt (Convergence) at multi-perspective | peer validation for authenticity to eventually replace | Certificate Authorities. Could that have worked? Maybe, sort | of. It never went anywhere much. | | Of course in hindsight we can't blame Moxie for not guessing | what will happen next - I expect few if any of us spent last | Xmas thinking "Better enjoy this, next Xmas will be a totally | different ball game because of a pandemic virus" either. | ianopolous wrote: | There is something which Signal could do to help even in this | scenario. Give the user a logout option which leaves nothing but | ciphertext on the device (e.g. by encrypting any plaintext keys | with the passphrase). To login again you need a passphrase. Then | as long as the user has enough time to click logout they are safe | even when the device is out of their hands. Of course, after | that, it might be prudent to consider the device compromised, and | thus not login again afterwards in case it has been backdoored. | upofadown wrote: | The Signal app used to have an option to protect the critical | data with a strong passphrase but that option was removed. | | The developers might of considered that the real threat was a | remote access trojan that would just keysniff the passphrase. I | guess the Cellebrite thing is a reminder that there are other | threats. As it is you are pretty much lost if someone is | willing to snatch the phone from your hand while you are | looking at cat pictures on the web. Phones really need more | than one level of "unlocked". | ben7799 wrote: | Exactly.. it would also be possible to design an app that never | persists any messages or other information on the phone.. | though at that point the whole thing is just a shell over a | website. | | There were applications that worked that way before mobile | phones and the web. | jeffrallen wrote: | Read this blog post to the last sentence, your patience will be | rewarded with the mother of all digs. | Imnimo wrote: | Signal says: | | >Not only can Cellebrite not break Signal encryption, but | Cellebrite never even claimed to be able to. | | But the original Cellebrite post says: | | >Decrypting messages and attachments sent with Signal has been | all but impossible...until now. | | and | | >This time, the encryption is even harder to crack. | | It's just that Cellebrite's claim is totally baseless and what | they're actually doing is not "breaking" or "cracking" anything. | The BBC article should have been more critical of Cellebrite's | language, but I don't agree with Signal that their headline was | "false". | coldcode wrote: | They automated taking pictures of app content on an unlocked | Android phone, and bragged about it as a breakthrough tech, | then deleted the article and replaced it with fluff. | Embarrassing. | Imnimo wrote: | Right, Cellebrite's clearly way off base here. But the BBC's | headline seems to accurately describe their wild claims. | smurf_t wrote: | BBC, you failed us here. | olodus wrote: | If Cellebrite thought they had broken the signal encryption - why | did they release it in a simple blog post? As responsible people | in the sec community shouldn't they tell this to the Signal devs | first so that they could review it and fix it if possible/needed? | Or is that just something real security researchers are required | to do and not something companies feel themselves bound to in any | way? | raziel2p wrote: | Probably just the company wanting to push out some engineering | blog content, and very unfortunate phrasing in the blogpost | itself. If they'd framed it as "let's learn how Signal's | encryption works" there would not have been any issue. | saagarjha wrote: | Cellebrite isn't a responsible security research company; they | sell tools to the government to break into devices using | security vulnerabilities. | scrps wrote: | I've made it even easier for Cellebrite... | | Have access to unlocked phone?: yes | | Enabled signal backup?: yes | | Copied key to decrypt backup?: yes | | Downloaded Xeals signal backup decryptor from github[1]?: yes | | Decrypted backup?: yes | | Contacted BBC to inform them you "cracked" signal's encryption?: | check | | _Profit_ | | [1]: https://github.com/xeals/signal-back | nelsonenzo wrote: | I'm guessing some overzelouse 20 year old at cellebrite "hacked" | signal and wrote a silly blog post that no one at the company | reviewed and marketing was happy to have some engineering thing | to blog. | | to me what is embarrassing is that all of these major news | outlets and professional journalists could not actually read the | article and do some very basic research before blasting out to | the public. It just really shows how low the bar is to get | something published. I could blow my nose on YouTube and make | stock picks based on where the bugger lands and I wouldn't be | surprised if BBC Business picks up the breaking story. That's how | low the bar is it seems. Sad. | PragmaticPulp wrote: | > I'm guessing some overzelouse 20 year old at cellebrite | "hacked" signal and wrote a silly blog post that no one at the | company reviewed | | More likely the opposite: Some engineer was tasked with adding | Signal database handling, marketing got wind of it, and they | went to town on blog posts and PR pieces about it. | | Really though, they don't care that it's technically wrong. The | target audience for this stuff isn't other engineers or | technical people. It's their potential customers, who don't | know the difference. | upofadown wrote: | I suppose that the BBC article title could be considered to be | correct in a narrow sense. Cellebrite makes products that can, in | some cases, unlock phones. Signal Messenger depends on the phone | OS to protect the key used to encrypt the saved data. So in some | cases Cellebrite does have the power to break the saved data | encryption. | | The Signal case is interesting because the app used to have a | feature where you could protect the data with a separate strong | passphrase. That would of prevented this particular attack. For | reasons that are not clear to me, Signal eliminated this feature. | tw25520481 wrote: | > So in some cases Cellebrite does have the power to break the | saved data encryption. | | IIUC, in those cases they could instead just open the Signal | app. | upofadown wrote: | But you would never want to do something like that if you | were looking for evidence you might want to present at a | trial. | Brian_K_White wrote: | So what? That's a procedural rule not the difference | between "cracking encryption" and not. It still means all | they did was automate something, not crack something. | kortilla wrote: | The annoying part is how effective this is for marketing | Cellebrite. The types of people that use Cellebrite will never | understand the nuance here. | hyperion2010 wrote: | Ah, what a solid Mickens reference. | | http://scholar.harvard.edu/files/mickens/files/thisworldofou... | hprotagonist wrote: | i was very pleased to learn: he's tenured now! | h_anna_h wrote: | > the BBC ran a story with the factually untrue headline, | "Cellebrite claimed to have cracked chat app's encryption." This | is false | | The headline is actually true. Cellebrite did claim that after | all. Whether or not it Cellebrite is lying is another story. | Although it was pathetic of them to not reach out of Moxie. It | only shows the quality of the mainstream media. | kortex wrote: | That doesn't absolve BBC of spreading misinformation, which is | what they are doing. It takes near zero effort to make a | dubious claim on a blog. If BBC then writes, "kortex claimed to | have hacked the NSA", that's _accurate_ , I did make a wild | claim. It's _also_ misinformation if that headline is published | without any investigation as to if that claim has any weight | beyond internet rambling. | | "You can't put anything on the internet that isn't true" | | "Where'd you read that?" | | "Internet" | h_anna_h wrote: | Sure? I never said otherwise. | 1vuio0pswjnm7 wrote: | "2. Cellebrite is not magic. Imagine that someone is physically | holding your device, with the screen unlocked, in their hands. If | they wanted to create a record of what's on your device right | then, they could simply open each app on your device and take | screenshots of what's there." | | Under the laws of many countries, that "record" alone would | likely be inadmissible. Cellebrite's market is authorities who | seize computers and then must follow forensics protocols for | extracting digital evidence. It is not someone holding your | device in their hands, opening up each app and taking | screenshots. | [deleted] | mechnesium wrote: | Friendly reminder that reproducible F-Droid builds of Signal are | still rejected for weak reasons [1]. You must trust the Signal | binaries on popular app stores [2][3]. | | Don't worry though; the Signal devs assure you that signed | Android binaries from their website are reproducible [4]. As if | checksum collisions aren't something that state actors could | trivially create [5]. | | I don't trust Signal. | | [1] https://github.com/signalapp/Signal-Android/wiki/F-Droid | | [2] | https://play.google.com/store/apps/details?id=org.thoughtcri... | | [3] https://apps.apple.com/us/app/signal-private- | messenger/id874... | | [4] https://signal.org/blog/reproducible-android/ | | [5] https://shattered.io/ | hjek wrote: | > You must trust the Signal binaries on popular app stores. | | Or you can just run Signal Desktop exclusively without the | hassle of smartphones[0]. Audio / video calls recently landed | in Signal Desktop too[1]. | | [0]: https://ctrl.alt.coop/en/post/signal-without-a-smartphone/ | | [1]: https://signal.org/blog/desktop-calling-beta/ | NikolaeVarius wrote: | Yes, the collided MD5 that looks like gibberish because a phone | would have no clue wtf to do with a ranom blob of data? | gruez wrote: | >As if checksum collisions aren't something that state actors | could trivially create [5]. | | >[5] https://shattered.io/ | | Collision attacks are an issue when using md5/sha1, but I don't | see how it's relevant in this case. If state actors wants to | replace the signal apk with a backdoored one, they'll need to | pull off a preimage attack, not a collision attack. A collision | attack wouldn't be useful because you still need the original | publisher to sign the apk for you, which seems unlikely | considering OWS isn't a CA or anything. If OWS was compromised | by state actors into signing, then they can just sign the | backdoored version directly, no need for a collision attack. | mechnesium wrote: | Thanks for pointing out collision vs. preimage. Interesting | distinction. | h_anna_h wrote: | I presume that the idea is that the compiled binary from the | source and that the binary distributed by signal would be | different but have the same sha1s. It does not make a lot of | sense though because one could simply use another algorithm. | gruez wrote: | ...or just compare byte by byte, since reproducible builds | provides you with an .apk to compare against, not just a | hash. | mechnesium wrote: | AFAIK, you cannot view applications on iOS unless your | device is jailbroken. Apps are completely opaque since | there is no traversable filesystem. On Android, it is a | little simpler. | | The vast majority of non-technical users have no | knowledge about hexadecimal file comparisons or | checksums. They see an app that promises privacy, and | they click download. | j-james wrote: | Signal's reasons for not wanting to maintain an F-Droid | repository are terrible, but that doesn't in any way compromise | their security. As others have pointed out, reproducibility | goes farther than just checksums. | tempfs wrote: | This whole thing was just BBC clickbait and Cellebrite | advertising to the idiots in law enforcement. | | No one that actually knows even a tiny bit about how shit works | believed the story for even a moment. | modraino wrote: | It is true that Cellebrite blog post looks like an amateur work. | However, an important context is missing from signal' blog post: | | Cellebrite specializes in breaking and extracting data from | encrypted partitions, and (this is the important part) extracting | keys from the secure keystore (Qualcomm/exynos). | | From Cellebrite point of view, the data and keystore are already | "given", all the remains is "breaking" the app encryption scheme, | which in signal's case is trivial. ___________________________________________________________________ (page generated 2020-12-23 23:00 UTC)