Signal:
Storing messages outside of your active Signal device is not supported.
Messages are only stored locally.
An iTunes or iCloud backup does not contain any of your Signal message history.
This makes it private on iOS because other apps can’t access the message database. But the same design doesn’t work so well with the Mac version.
Mysk:
This is the folder structure of Signal’s local data on macOS. The encrypted database and encryption key are stored next to each other. The folder is accessible to any app running on the Mac.
Why didn’t they store the encryption key in the keychain?
Mysk:
The encryption key used to encrypt the local DB that contains all the secrets and chat history is stored in plain text in a location accessible by any app, process or script started by the Mac user.
It’s very tempting to use Signal’s desktop app. This is particularly useful for activists who can be more productive using a desktop than a mobile phone. Signal doesn’t make it clear that linking a desktop app can render Signal’s “gold standard” for encryption useless.
This seems like a much bigger deal than last week’s ChatGPT story.
Mysk:
I wrote a simple Python script that copies the directory of Signal’s local storage to another location (to mimic a malicious script or app)
[…]
Messages were either delivered to the Mac or to the VM. The iPhone received all messages. All of the three sessions were live and valid. Signal didn’t warn me of the existence of the third session [that I cloned]. Moreover, Signal on the iPhone still shows one linked device. This is particularly dangerous because any malicious script can do the same to seize a session.
Saagar Jha:
I think a lot of people have recently learned something that horrifies them. I do not fault them for that in the slightest. I just also want them to share my terror of this being standard best practice in the industry.
Update (2024-07-09): Lawrence Abrams:
A mistake in the process used by the Signal Desktop application to encrypt locally stored messages leaves them wide open to an attacker.
He wrote this in 2018, and there are forum posts older than that referencing the issue. Curiously, a Signal developer offers the explanation that even though they are using an encrypted extension to SQLite and configured it to encrypt the database with a password, it was not their intention to protect the database with encryption:
The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide. Full-disk encryption can be enabled at the OS level on most desktop platforms.
I don’t understand what the reason was, then. And full-disk encryption is a solution to a different problem; it does not protect the data from other processes on the system.
Matt Henderson:
This is shocking for anyone considering Signal the gold standard in security.
Update (2024-07-15): Lawrence Abrams:
The response was unusual after Whittaker’s constant retweets about the security and privacy implications of Microsoft’s Windows Recall and how data could be stolen by local attackers or malware.
[…]
In April, an independent developer, Tom Plant, created a request to merge code that uses Electron’s SafeStorage API to further secure Signal’s data store from offline attacks.
[…]
While the solution would provide additional security for all Signal desktop users, the request lay dormant until last week’s X drama. Two days ago, a Signal developer finally replied that they implemented support for Electron’s safeStorage, which would be available soon in an upcoming Beta version.
Ben Lovejoy:
Using Keychain on Mac fully secures the encryption key, while the Windows solution could still potentially be compromised by some malware, but will be significantly safer than now.
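
To illustrate the safeStorage approach mentioned in the updates above, here is an added example (not code from Signal, the merge request, or any of the quoted posts) that migrates a plaintext database key in a JSON config to a value wrapped by Electron's safeStorage. The config field names `key` and `encryptedKey` and the functions `migrateKey` and `loadKey` are hypothetical; `safeStorage` is passed in as a parameter so the logic can be exercised outside an Electron main process.

```javascript
// Added example. `config` is the parsed JSON config object; the field names
// `key` (legacy plaintext) and `encryptedKey` (wrapped) are hypothetical.
// In an Electron main process, pass: const { safeStorage } = require('electron')

function migrateKey(config, safeStorage) {
  // Already migrated: no cleartext key left on disk, nothing to do.
  if (config.encryptedKey && !config.key) {
    return { config, status: 'already-protected' };
  }
  if (!config.key) {
    return { config, status: 'no-key' };
  }
  // No OS secret store available: keep the app working, but report it so
  // the caller can warn the user instead of silently staying in plaintext.
  if (!safeStorage.isEncryptionAvailable()) {
    return { config, status: 'plaintext-retained' };
  }
  const wrapped = safeStorage.encryptString(config.key); // returns a Buffer
  // Round-trip before dropping the only usable copy of the database key.
  if (safeStorage.decryptString(wrapped) !== config.key) {
    throw new Error('round-trip check failed; plaintext key left in place');
  }
  // Build a new config without the plaintext field; the input is not mutated.
  const { key, ...rest } = config;
  return {
    config: { ...rest, encryptedKey: wrapped.toString('hex') },
    status: 'migrated',
  };
}

function loadKey(config, safeStorage) {
  if (config.encryptedKey) {
    return safeStorage.decryptString(Buffer.from(config.encryptedKey, 'hex'));
  }
  if (config.key) return config.key; // legacy plaintext path
  throw new Error('no database key in config');
}
```

The caller is responsible for writing the returned config back to disk; until that write succeeds, the old file still holds the plaintext key.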