Israeli security firm Cellebrite has claimed that it can decrypt messages from the Signal highly secure messaging app.
The BBC reported the link to a blog on the company website that details the procedure to decrypt the Signal messages. The post was later changed and only reported that the Cellebrite Physical Analyzer allows lawful access to Signal app data, while the instructions have been removed.
“Signal keeps its database encrypted using SqlScipher, so reading it requires a key. We found that acquiring the key requires reading a value from the shared preferences file and decrypting it using a key called “AndroidSecretKey”, which is saved by an android feature called “Keystore”.” states the original version of the post. “Once the decrypted key is obtained, we needed to know how to decrypt the database. To do it, we used Signal’s open-source code and looked for any call to the database.” “After finding this, we simply ran SqlCipher on the database with the decrypted key and the values 4096 and 1 for page size and kdf iterations. By doing so we managed to decrypt the database.”
The creator of Signal, Moxie Marlinspike, defined the Cellebrite’announcement as being risible.
Highly encrypted messaging apps such as Signal and Telegram are widely adopted by those people that want to protect their privacy, unfortunately, it is widely adopted by ill-intentioned to protect their communications.
The Israeli mobile forensics firm Cellebrite is one of the leading companies in the world in the field of digital forensics, it works with law enforcement and intelligence agencies worldwide.
One of the most popular services provided by the company is the UFED (Universal Foresenic Extraction Device) which is used by law enforcement and intelligence agencies to unlock and access the data on mobile devices.
Despite the rumors about Cellebrite capabilities, Signal remains one of the most secure apps to communicate, the popular whistleblower Edward Snowden also endorsed it.
“Cellebrite seem to have been able to recover the decryption key, which seems extraordinary as they are usually very well protected on modern mobile devices.” Alan Woodward, a professor of computer science at Surrey University, told BBC.
“I suspect someone in authority told them to, or they realised they may have provided enough detail to allow others – who don’t just supply to law-enforcement agencies – to achieve the same result.”
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Signal)