Police could lawfully use bulk surveillance techniques to access messages from encrypted communications platforms such as WhatsApp and Signal, following a ruling by the UK’s Investigatory Powers Tribunal (IPT), a court has heard.
A French and Dutch Joint Investigation Team (JIT) harvested more than 115 million supposedly encrypted messages from an estimated 60,000 users of EncroChat phones after infecting the handsets with a software “implant”.
So this sounds like the ANOM phone story with extra steps?
I get that they can “access” messages, but the headline feels misleading if it requires full access to the device.
It’s not that they’re breaking encryption or reading messages in transit, it’s more like they’re installing malware on specific devices so that they can look at your screen?
Because truth is more complex and does nor drive clicks. so far every time we see signal in a headline like this, it will generally be “cops had physically access” “no password” or “password leaked”
ie something that encryption is not designed to defend against.
Apparently what happened is that French police installed some of malware on the phones to read the messages, and this was now decided to be legal in the UK.
The basic security stuff exists on Android and iOS as well, namely full disk encryption. When that is defeated through a missing or bad password nothing keeps them from installing their malware with device access.
If they got in through an external security vulnerabilities in some software package the situation is also the same on either OS.
To be honest, it ‘could’ change everything. You don’t need to run ‘phone’ hardware. You could assemble a handled computer with a 5G modem out of consumer-available parts.
Even if we didn’t go that far, we would get our own LUKS encryption with keys we chose and if we knew we couldn’t trust the hardware, we could take precautions. They can attack apple and android easily enough because it’s just two platforms, one vulnerability in android and you’re into 50% of the population.
While we at it with wishlists, maybe we could do some hardware version of tpm/dpapi and manage to relatively safely encrypt the ram as well.
Honestly mentioning Enchrochat together with other mainstream message clients is kind of misleading. The Enchrochat message client was also E2EE. However Enchrochat was also a company that sold their own mobile phones with a prorietary OS on it together with own sim cards and only those phones were able to connect to each other. And law enforcment had enough evidence that they sold those hardware in shady untracable ways similar to drugs. At that point there was no western government that didn’t want to help seizing their infrastructure and taking over their update services for example.
They’ve said that they release the source code after it’s running in production:
sorry the source for one of our services was so far behind. We often don’t push source until we release things, and there were a few overlapping releases that happened in that period which made it awkward to push at any moment and put us behind. Additionally, we’ve seen a large increase in spam, and a reluctance to immediately publish the exact anti-spam measures we were responding with to a place where spammers could immediately see them combined with the above to cause this extreme delay.
That’d be irrelevant, because as long as only the clients hold the keys (which we can verify, as those are not only open source but also are under our control, meaning we can check that the upstream open source version is installed and no private keys are being exchanged) there’s no way anyone can read the messages, except the owner of the private key.
Whatsapp uses the same protocol as signal so MITM is unlikely however there’s no way to know what happens before or after the messages are encrypted/decrypted and sent. They can do that scanning at that stage.
That is different than Signal which (unless they changed something with the profiles thing) was always P2P E2EE. You’re sending encrypted messages directly to the other persons phone, not to a server.
Sender cannot know where the recipient is and using P2P would be resource consuming on all client devices (i.e. everyone who uses Signal) so I guess the messages are routed thru Signal’s servers though messages are encrypted on device with keys that only the messaging parties know (couldn’t find an official diagram for this to confirm).
Wonder how they’d manage that as they both are E2EE.
Looks like they just hack the phone
https://en.m.wikipedia.org/wiki/EncroChat
So this sounds like the ANOM phone story with extra steps?
I get that they can “access” messages, but the headline feels misleading if it requires full access to the device.
It’s not that they’re breaking encryption or reading messages in transit, it’s more like they’re installing malware on specific devices so that they can look at your screen?
Because truth is more complex and does nor drive clicks. so far every time we see signal in a headline like this, it will generally be “cops had physically access” “no password” or “password leaked”
ie something that encryption is not designed to defend against.
How does one get an “implant” onto a phone?
You implant it, duh.
Apparently what happened is that French police installed some of malware on the phones to read the messages, and this was now decided to be legal in the UK.
Damn, we’ll need those linux phones working soon.
Then they enforce the chipmakers to put backdoors in the chips themselves
I’d wager they already have
For x86 platforms it’s called Intel ME and AMD PSP.
What would that change?
You’d have enough control over the software that you can ensure nothing like this happens
The basic security stuff exists on Android and iOS as well, namely full disk encryption. When that is defeated through a missing or bad password nothing keeps them from installing their malware with device access.
If they got in through an external security vulnerabilities in some software package the situation is also the same on either OS.
To be honest, it ‘could’ change everything. You don’t need to run ‘phone’ hardware. You could assemble a handled computer with a 5G modem out of consumer-available parts.
Even if we didn’t go that far, we would get our own LUKS encryption with keys we chose and if we knew we couldn’t trust the hardware, we could take precautions. They can attack apple and android easily enough because it’s just two platforms, one vulnerability in android and you’re into 50% of the population.
While we at it with wishlists, maybe we could do some hardware version of tpm/dpapi and manage to relatively safely encrypt the ram as well.
Honestly mentioning Enchrochat together with other mainstream message clients is kind of misleading. The Enchrochat message client was also E2EE. However Enchrochat was also a company that sold their own mobile phones with a prorietary OS on it together with own sim cards and only those phones were able to connect to each other. And law enforcment had enough evidence that they sold those hardware in shady untracable ways similar to drugs. At that point there was no western government that didn’t want to help seizing their infrastructure and taking over their update services for example.
The bigger problem however for the general public is that certain politicians want to break encryption all together by forcing companies to implement backdoors on client side. This has been an ongoing discussion for 2 years in EU parliament and it has to stop: https://www.eff.org/deeplinks/2024/06/now-eu-council-should-finally-understand-no-one-wants-chat-control
It doesn’t matter. Using that phone or app cannot possibly be anywhere close to probable cause for a search.
With a warrant they could probably force signal/whatsapp to inject Malware into their apps to spy on users.
Don’t know how possible it is with signal and their reproducible builds. They would need to add this to the source code of the app.
Could they though, I thought signal would just leave the market
deleted by creator
Especially with Signal being open source. What stops the official Signal company from advertising another fork?
“Gruyere Signal”
The server software is not open source.
Untrue. Stop spreading FUD: https://github.com/signalapp/Signal-Server
There’s a grain of truth in the claim: We don’t know for sure if the original open source version is actually running on the server.
Isn’t that true of all server side FOSS?
Yes. We just have to trust them. Or selfhost, which I’m doing with almost everything.
deleted by creator
Why not use eg. Matrix then?
They’ve said that they release the source code after it’s running in production:
https://github.com/signalapp/Signal-Android/issues/11101#issuecomment-815400676
In that case: They started publishing code AGAIN.
The server soft has been available, then not, and apparently now again.
That’d be irrelevant, because as long as only the clients hold the keys (which we can verify, as those are not only open source but also are under our control, meaning we can check that the upstream open source version is installed and no private keys are being exchanged) there’s no way anyone can read the messages, except the owner of the private key.
deleted by creator
Whatsapp uses the same protocol as signal so MITM is unlikely however there’s no way to know what happens before or after the messages are encrypted/decrypted and sent. They can do that scanning at that stage.
Sender cannot know where the recipient is and using P2P would be resource consuming on all client devices (i.e. everyone who uses Signal) so I guess the messages are routed thru Signal’s servers though messages are encrypted on device with keys that only the messaging parties know (couldn’t find an official diagram for this to confirm).
You shouldn’t make claims like this when there is no evidence for it.
Signal has never been P2P.