Many media outlets are currently reporting that investigative authorities can hack, among other things, Signal, a messenger that is considered secure. Even Forbes ran the grand headline “Can The FBI Hack Into Private Signal Messages On A Locked iPhone? Evidence Indicates Yes”. A closer look at a few aspects makes the whole topic a little clearer, because nothing was hacked here.
The FBI does not hack the Signal messenger, but the smartphone on which the messenger is installed; in this case, Forbes was referring to an iPhone. The iPhone in question appears to be either an iPhone 11 (whether Pro or Max) or a second-generation iPhone SE. The essential point is that leading manufacturers of forensics solutions have succeeded in reading out smartphones.
How the smartphone could be read out is also decisive. A forensic 1:1 copy of all data is usually the method of choice for really getting at the data on the system, which is usually also where the keys that messengers use to encrypt their data are stored. Furthermore, an iPhone, for example, behaves differently once it has been started and unlocked (after first unlock, AFU) than if it was switched off and has remained so. But even this does not work for all devices.
The decisive point is therefore how to get at the smartphone's data while bypassing the device lock, on iPhones and on Android devices alike, because these devices also come with new security features such as KNOX (Samsung) or Secure Boot. Once the data from a smartphone is available, the supreme discipline takes place: the decoding. The data from the file system is reassembled and presented in such a way that it becomes visible and readable.
Since forensics manufacturers invest a lot of effort and development in this, they are also able to match the messengers' keys to the encrypted data during decoding, so that the encrypted data becomes visible again in clear text. All of this inevitably leads to encrypted mails, messenger messages, etc. being decrypted, but it does not make the products themselves insecure as long as they contain no security vulnerability.
(P.S.: The renowned forensics manufacturers have been able to do this for a long time.)
What should also be mentioned in this context is that programs that pretend to be keyboards can also read data from messengers, namely everything that is entered via the keyboard. Spyware, if it is present on a device, can of course also get data from encrypted messengers.
A Signal spokesperson speaking to Forbes said: “If someone is in physical possession of a device and can exploit an unpatched Apple or Google operating system vulnerability in order to partially or fully bypass the lock screen on Android or iOS, they can then interact with the device as though they are its owner.
“Keeping devices up-to-date and choosing a strong lock screen passcode can help protect information if a device is lost or stolen.”
Forensic exploitation of devices affects any encrypted communications app, from WhatsApp to Wickr, not just Signal. What is apparent is that the government has a tool that can bypass encryption to get into what most people would assume are private messages.
According to a recently released Declassified UK report, ‘tactical approval for killings’, Kenya’s investigative authorities use Cellebrite for surveillance.
Cellebrite, an established Israeli forensics tech provider, has long served American law enforcement, as well as global police agencies.
In December, Cellebrite indicated it had developed “advanced techniques” to bypass Signal encryption, though Signal issued a statement lambasting not just the company but media reports that had repeated Cellebrite’s claims. In a blog post, Signal said all Cellebrite had done was “parse Signal on an Android device they physically have with the screen unlocked.”