The BBC broke a story that seemingly indicated Cellebrite had broken Signal’s encryption — only it’s not true.
Signal is a popular messaging app, boasting some of the best — if not the best — security and end-to-end encryption of any messaging platform on the planet. It’s so secure that some military units, the US Senate and the EU Commission all recommend their members use it. In addition to politicians and military personnel, Signal is widely used by journalists, activists, political dissidents and others for whom privacy is paramount. The app even has features, such as the ability to blur faces in photos, to help protect that privacy.
Cellebrite, in contrast, is an Israeli company that specializes in hacking encrypted devices. The company’s products are used by the FBI and other law enforcement agencies, and have even been purchased by school districts for use on students’ phones.
The BBC reported that Cellebrite claimed to have cracked Signal’s encryption, potentially casting doubt on the platform. In fact, the BBC’s article was entitled: “Signal: Cellebrite claimed to have ‘cracked’ chat app’s encryption.”
Signal has written a blog post to set the record straight, calling the BBC’s headline “factually untrue.” Even the blog post Cellebrite wrote outlining their efforts, a post Signal called “embarrassing” (for Cellebrite), has been significantly altered and shortened, toning down the company’s claims from the original version (accessible via archives here).
So what happened? Did Cellebrite break Signal’s encryption? The short answer is no.
Cellebrite’s entire “success” depended on having physical access to an Android phone that was already unlocked with the screen on. In the realm of computer security, a simple rule is: If someone has physical access to your device, all bets are off. Once physical access is obtained, it’s usually only a matter of time before security measures are compromised to some degree or another.
More to the point, however, Signal, like other similar apps, is designed to protect messages and communication from electronic eavesdropping — not from someone who has unfettered access to the devices the messages reside on. As Signal’s blog points out, it’s a simple matter to open up any app, take screenshots of the contents and thereby “compromise” the data on a device to which someone already has unlocked, unfettered physical access.
In essence, the Cellebrite Physical Analyzer does just that. It simply automates the process of accessing and recording the contents of apps on an unlocked phone. In the world of programming, this is neither complicated nor difficult.
As a side note, if a person is concerned about that possibility, it’s easy to enable disappearing messages in Signal. This added step ensures there is nothing to recover from a device that has been physically compromised.
As Signal’s rebuttal post points out, the entire episode is an embarrassing situation for Cellebrite, a company that so many law enforcement agencies depend on.
It’s hard to know how a post like that got out the door or why anyone thought revealing such limited abilities was in their interest. Based on the initial reception, Cellebrite must have realized that amateur hour was not a good look, and the post was quickly taken down. They then must have realized that a 404 error isn’t any better, and replaced that again with a vague summary.
It’s also hard to know how such an embarrassing turn of events became anything other than a disaster for Cellebrite, but several news outlets, including the BBC, published articles about Cellebrite’s “success,” despite the existence of clarifying information already available online.
The takeaway is that Cellebrite essentially accomplished nothing with their so-called “success.” They did not break Signal’s encryption and they did not compromise the messaging platform. Cellebrite’s entire “success” was no more of an accomplishment than being handed an unlocked phone, perusing it and taking screenshots of the contents.
John Scott-Railton, a senior researcher at internet watchdog Citizen Lab, out of the University of Toronto, agreed with Signal.
The evidence is clear: Signal remains one of — if not THE — most secure messaging platforms on the planet.