This month, in a now-removed blog post, Israeli digital intelligence company Cellebrite claimed it had a “new Solution for decrypting the Signal app.”
The blog announcement, despite being factually incorrect, was quickly followed by rampant media attention. Outlets like the BBC and the Schneier on Security blog, which are otherwise considered credible sources of information, reported on the half-baked theory too.
What did Cellebrite claim?
Cellebrite’s original blog post went into how Signal is being abused by drug dealers and gang members and why it was so important for law enforcement to be able to tap into end-to-end encrypted messaging apps like Signal.
After the brief overview of this use-case, Cellebrite’s blog post jumps straight into technical bits. It shows what Signal’s directory structure looks like on an Android device:
“Signal keeps its database encrypted using SQLCipher, so reading it requires a key. We found that acquiring the key requires reading a value from the shared preferences file and decrypting it using a key called ‘AndroidSecretKey’, which is saved by an Android feature called ‘Keystore’.”
“Once the decrypted key is obtained, we needed to know how to decrypt the database. To do it, we used Signal’s open-source code and looked for any call to the database. After reviewing dozens of code classes, we finally found what we were looking for,” continues Cellebrite’s original blog post.
Further, the researcher demonstrates how he managed to crack Signal encryption and obtain attachments and files, asserting, “decrypting Signal messages and attachments was not an easy task. It required extensive research on many different fronts to create new capabilities from scratch.”
Why is Cellebrite wrong?
Not every blog piece with words like “decryption” and screenshots of code is factually correct research.
Although the technical analysis presented by Cellebrite may have been applicable in a certain context (automating data collection from unlocked devices), it did not explain how Cellebrite researchers were able to access the Signal database files on an Android device in the first place.
They did so by having physical access to an unlocked Android device running the Signal app…
“This is a situation where someone is holding an unlocked phone in their hands and could simply open the app to look at the messages in it. Their post was about doing the same thing programmatically (which is equally simple), but they wrote an entire article about the ‘challenges’ they overcame, and concluded that ‘…it required extensive research on many different fronts to create new capabilities from scratch.’ This made us scratch our heads. If this required ‘research,’ it doesn’t inspire much awe for their existing capabilities,” rebutted Signal in a blog post.
A key point to note here is that end-to-end encrypted messaging apps deploying industry-standard encryption promise confidentiality, privacy and integrity between two ends while data is in transit. This means that, when using Signal, the sender and recipient of the message can see the message, but an attacker cannot intercept or alter the communication while it is being sent over the network.
However, the “end-to-end encryption” guarantee ceases at the end. In other words, if the sender’s or the recipient’s physical device were to be stolen, it is assumed that the thief would be able to access any and all apps’ data, including Signal’s, should the phone be unlocked and no additional protections (biometrics, a PIN lock or Signal’s PIN) be in place.
In other words, as long as you have your physical device or smartphone with you, which has the Signal app running, you are safe. Signal’s end-to-end encryption has not been cracked by Cellebrite and to make such a broad claim would be incorrect and embarrassing.
Cellebrite has since removed the December 10th blog post and accessing the URL now shows a generic, heavily edited summary (backdated to December 1st, oddly) titled “Helping Law Enforcement Lawfully Access The Signal App.”
In 2018, Cellebrite’s claims of being able to unlock “any” iPhone device generated much controversy and debate because brute-forcing passcodes was still a requirement for a successful outcome.
“It is unfortunate such misleading and inaccurate stories like these spread so quickly, particularly because so many people will see that headline and so few will see the correction,” stated Signal.
“If you see people confused by this kind of irresponsible reporting, please help by sharing this with them,” concluded Signal’s blog post.