Privacy: the FBI can read Signal’s chats

Signal's chats are not 100% secure either: Forbes has found documents that reportedly prove the FBI knows how to read them.

According to the latest data from Sensor Tower, the messaging app Signal has been a huge success in recent weeks, with 17.8 million downloads between January 5 and 12 alone, just as the controversy over WhatsApp's new privacy policy was raging. Yet Signal's privacy is apparently not 100% guaranteed: the FBI reportedly has a tool to read the encrypted chats exchanged with this app.

The discovery comes from Forbes, which was able to view documents from a trial in progress in the United States. The charges are arms trafficking and attempted murder, and the defendants allegedly arranged the sale of illegal weapons through Signal. Forbes was able to see screenshots of these chats, extracted from the iPhone of one of the suspects, completely in plain text. If what Forbes has seen proves to be true, it would be increasingly evident that there is no longer any app able to keep its users' chats secret, whatever the encryption applied. In the case of Signal, that encryption uses the same protocol (also called Signal) used by WhatsApp and Telegram.

How the FBI reads chats

The two tools most used by law enforcement and intelligence agencies to crack iPhones are called GrayKey and Cellebrite. It's not clear which one was used in this specific case, but Russian security expert Vladimir Katalov told Forbes that the former was most likely used.

Both tools exploit hardware vulnerabilities in iPhones that allow the phones to be unlocked from the outside, without knowing the Apple ID password, giving access to the phone and its contents.

It would seem, therefore, that it wasn't so much Signal's encryption protocol that was hacked in this case, but rather the iPhone unlocking system. Neither the model of iPhone used by the suspect nor the iOS version installed is known, at least at the moment.

How encryption works on chat apps

If this hypothesis were confirmed, it would make little difference which app is used to chat: once the phone is unlocked, it is possible to read all the chats.

In any case, the three messaging giants (four, counting Facebook Messenger) all use the same type of encryption: "end-to-end" encryption, in which the cryptographic keys are exchanged between the two devices and are not known even to the platform.

Therefore neither Facebook (and so neither Messenger nor WhatsApp) nor Telegram nor Signal can read users' messages. The FBI, on the other hand, apparently finds a way to read what it wants.
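
To make that distinction concrete, here is an added example in Node.js (not from the original article, and not Signal's code): two devices agree on a key the relaying platform never learns, yet the messages sit readable on each device once it is unlocked. It uses a single static X25519 exchange with AES-256-GCM rather than the actual Signal protocol; the names (`newDevice`, `localStore`, `platformCanRead`, `unlockedDeviceView`) and the model of the on-device history as readable text after unlock are assumptions of this example.

```javascript
const crypto = require('node:crypto');

// Constructed demo: each device creates its own X25519 key pair.
// Only public keys are ever handed to the platform.
function newDevice(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { name, publicKey, privateKey, localStore: [] };
}

// Both ends derive the same 32-byte key from their own private key and the
// peer's public key (Diffie-Hellman followed by HKDF-SHA256).
function sessionKey(self, peerPublicKey) {
  const shared = crypto.diffieHellman({ privateKey: self.privateKey, publicKey: peerPublicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'e2e-demo', 32));
}

// The sender encrypts on the device; the returned envelope is all the platform relays.
function send(sender, recipientPublicKey, text) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey(sender, recipientPublicKey), nonce);
  const ct = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  sender.localStore.push(text); // chat history kept readable for the app's own UI
  return { nonce, ct, tag: cipher.getAuthTag() };
}

// The recipient decrypts on the device and stores the readable message locally.
function receive(recipient, senderPublicKey, envelope) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey(recipient, senderPublicKey), envelope.nonce);
  decipher.setAuthTag(envelope.tag);
  const text = Buffer.concat([decipher.update(envelope.ct), decipher.final()]).toString('utf8');
  recipient.localStore.push(text);
  return text;
}

// What the platform can do with a relayed envelope: it holds both public keys
// but neither private key, so any key it derives itself fails authentication.
function platformCanRead(envelope, senderPublicKey) {
  const platform = newDevice('platform');
  try { receive(platform, senderPublicKey, envelope); return true; } catch { return false; }
}

// What someone holding the unlocked phone sees: the stored plaintext history.
function unlockedDeviceView(device) {
  return [...device.localStore];
}
```

The encryption protects the message between the devices; it says nothing about who can read the history once a device itself has been opened.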