this post was submitted on 02 Jan 2022
17 points (94.7% liked)

Privacy

31938 readers
799 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

My friend and I were discussing cell phone security and he said that if someone backdoored your phone that they could read all your signal messages. Is this true? I would think that the only way to view signal messages is to literally open up the app and view them.

top 13 comments
sorted by: hot top controversial new old
[–] poVoq@lemmy.ml 11 points 2 years ago* (last edited 2 years ago)

You are both sort of right. Signal's on device storage is AFAIK only weakly encrypted with your screen-lock password (although you can enable a second weak password in Signal specifically). So if your phone is unlocked and backdoored the attacker can pretty much do what ever they want including reading your Signal messages.

Edit: to make it more clear... someone with a backdoor can just start a hidden application that does the same as the Signal client and open the on device stored messages with out your knowledge. And it is also quite trivial to install a keylogger to capture all passwords including those inside Signal.

[–] Lynda@lemmy.ml 11 points 2 years ago

If a device is compromised, the adversary can do whatever they want: screenshots, keyloggers, fork Signal and install their own client.

[–] Nyaa@lemmy.ml 5 points 2 years ago

If your phone is compromised, anything that you can see they can see as well. Absolutely nothing can protect against that because the only way would be to prevent even yourself from seeing it.

Potentially a really good sandbox and strict permissions could help, but if someone were to backdoor your phone chances are they can get around most software based solutions anyway.

[–] molly@lemmy.ml -1 points 2 years ago

Try molly -- hardened fork of signal. With encrypted keys as soon as you lock it after using the app it shreds itself from ram.