Main points
- The FBI was able to recover deleted Signal messages due to a feature of iOS that stores notification data on the device's internal memory.
- Signal is not to blame, but users can reduce the risk of leaks by limiting the amount of data in notifications through the messenger's settings.
Hidden iPhone vulnerability: how the FBI reads deleted Signal messages / Collage 24 Channel/Depositphotos/Unsplash
Even the most robust encryption tools can be powerless against the peculiarities of operating systems. A recent US lawsuit revealed an unexpected method that allowed federal agents to access secret correspondence that was thought to be permanently erased from a device's memory.
How did the intelligence agencies manage to bypass Signal's protection and retrieve the deleted data?
The story of the successful hack became public thanks to the trial of the incident at the ICE Prairieland detention center in Alvarado, Texas. During the investigation of the actions of a group of activists accused of vandalism and assault on law enforcement officers, the FBI demonstrated the ability to recover messages from the popular messenger Signal, writes 404 Media.
An important nuance is that the data was obtained even in cases where the application itself was removed from the device in advance, and the messages from it were carefully cleaned. As it turned out during the agents' testimony, the key to success was not the vulnerability of the messenger itself, but the peculiarities of the operation of the iOS operating system from Apple.
The technical essence of the method is to analyze the iPhone's push notification database. FBI Special Agent Clark Whithorn explained during the court hearing that if you enable notifications and text previews on the lock screen in Signal's settings, the operating system automatically saves these fragments to the device's internal memory. This means that copies of incoming messages are duplicated in a separate iOS storage that is not cleared when you delete the messenger itself.
Thus, physical access to the smartphone and the use of specialized software allow investigators to extract confidential information that the user believes has been securely erased. The method allows access even to those messages for which a self-destruct timer has been set.
This really works.
According to people who supported the defendants in the courtroom, the FBI was able to show the correspondence that had long since disappeared from the Signal app itself, but remained in Apple’s notification archives. They published their thoughts and observations on the Support the Prairieland Defendants website. In addition, the lawyer for one of the defendants, Elizabeth Soto, confirmed that it was the specific notification settings on her client’s phone that caused the data leak.
However, this method has certain limitations: agents were only able to recover incoming messages, while the original texts were not stored in the notification database, since smartphones simply do not have notifications about their own sent messages.
Signal is not to blame, but a lot depends on us
The problem faced by Signal users is not a flaw in the messenger itself. It is a fundamental conflict between the desire for complete privacy of secure software developers and Apple's notification mechanisms and desire for convenience.
Signal's settings allow you to limit the amount of data in notifications: users can choose to display only the sender's name or no information about the content at all.
How to choose what to show in Signal notifications
To select the information that notifications will display, you need to:
- Go to settings (three dots in the top right of the main screen).
- Select the “Notifications” menu.
- After that, in the first menu block, find the last item called “Show”.
- Select “No name or message” if you don't want your iPhone to record the contents of your messenger notifications.
This case clearly demonstrates why enabling such security features is critical to protecting your anonymity, for example if you're attending a protest and are concerned about your safety. It also helps hide the content of your notifications from anyone who knows your smartphone password.