FBI used iPhone notification data to retrieve deleted Signal messages
100 points
1 hour ago
| 13 comments
| 9to5mac.com
| HN
jonpalmisc
52 minutes ago
[-]
Settings > Notifications > Notification Content > Show: "Name Only" or "No Name or Content"

I've had this enabled to prevent sensitive messages from appearing in full whilst showing someone something on my phone, but I guess this is an added benefit as well.

reply
nickburns
30 minutes ago
[-]
Just to clarify, this is within the Signal app settings—not the OS (iOS or Android) system settings.

Critical distinction, as merely changing OS notification settings will simply prevent notification content from being displayed on-screen.

reply
embedding-shape
32 minutes ago
[-]
I guess enabling Lockdown mode might avoid this particular issue too, together with a bunch of other stuff?
reply
everdrive
20 minutes ago
[-]
Why would lockdown mode prevent this? I have lockdown mode on but that doesn't automatically make my notifications private.
reply
giancarlostoro
1 minute ago
[-]
Maybe it should.
reply
jhalstead
37 minutes ago
[-]
Fwiw, in my Signal app on Android this setting is in

Settings > Notifications > Messages > Show

reply
wolvoleo
1 minute ago
[-]
My Samsung also keeps a history of notification content. Under Settings->Notifications ->Advanced -> Notification History
reply
chasil
1 hour ago
[-]
First, a critical setting for Signal users:

"Signal’s settings include an option that prevents the actual message content from being previewed in notifications. However, it appears the defendant did not have that setting enabled, which, in turn, seemingly allowed the system to store the content in the database."

Second, how can I see this notification history?

reply
alin23
43 minutes ago
[-]
Not sure if it's exactly the same, but I had to add a When notification arrives with <message>, do <action> event trigger in my Crank macOS app (https://lowtechguys.com/crank) so I can show you how to do it on macOS:

      HOURS=6
      EPOCH_DIFF=978307200
      SINCE=$(echo "$(date +%s) - $EPOCH_DIFF - $HOURS * 3600" | bc)

      sqlite3 ~/Library/Group\ Containers/group.com.apple.usernoted/db2/db \
        "SELECT r.delivered_date, COALESCE(a.identifier, 'unknown'), hex(r.data)
        FROM record r
        LEFT JOIN app a ON r.app_id = a.app_id
        WHERE r.delivered_date > $SINCE
        ORDER BY r.delivered_date ASC;" \
      | while IFS='|' read -r cfdate bundle hexdata; do
          date -r $(echo "$cfdate + $EPOCH_DIFF" | bc | cut -d. -f1) '+%Y-%m-%d %H:%M:%S'
          echo "  app: $bundle"
          echo "$hexdata" | xxd -r -p > /tmp/notif.plist
          plutil -p /tmp/notif.plist 2>/dev/null \
            | grep -E '"(titl|title|subt|subtitle|body|message)"' \
            | sed 's/^  */  /'
          echo "---"
      done
Basically, notifications are in an sqlite db at ~/Library/Group Containers/group.com.apple.usernoted/db2/db and are stored as plist blobs.

In recent years, filesystem paths for system services have started to converge for both macOS and iOS so I'm thinking with jailbreak you could get read access to that database and get the same data out of it.

reply
627467
35 minutes ago
[-]
On android there are apps that let you see the history - i use NotiStar occasionally to see if i unwittingly dismissed important notifications. And i believe there are apps/settings that help you clear the history from the device.

But this is a reminder that these centralized notification infrastructure (FCM and APNs) store notification content (if the app is told to send content in it - signal with option enabled wouldn't send content) even if we clear local history these middleman still hold it

reply
chasil
10 minutes ago
[-]
On Lineage Android, i see: Settings / Notifications / Notification History.

If you drop a settings widget on your home screen, it will let you choose a specific area, including notifications.

I don't know if the output is the complete database.

reply
jhalstead
39 minutes ago
[-]
On a Pixel, I can see some history by going to

Android > Settings > Notifications > Manage > Notification History

reply
alsetmusic
7 minutes ago
[-]
Original article: FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database[0]

0. https://www.404media.co/fbi-extracts-suspects-deleted-signal...

reply
tbrownaw
5 minutes ago
[-]
That's unfortunately less informative if you aren't already one of their subscribers.
reply
blitzar
5 minutes ago
[-]
> testimony in a recent trial

Court cases are the real way to audit security.

Larping about security and complaining about companies responding to court orders only gets you so far. Its way more useful to look at what actually happens in reality.

reply
chinathrow
48 minutes ago
[-]
On Android, when I use WhatsApp and have notifications for groups turned off, I can still see that they arrive briefly and then get removed (the icon top left vanishes). I wonder often, if this is a way to push all group message content into an unencrypted data trace as well - for the same use case.
reply
arkon_hn
40 minutes ago
[-]
If the notification has the data, then yes. It's trivial to create an app that listens to notifications; Samsung even has one themselves called NotiStar that replicates the notification history feature that Android normally has.
reply
niek_pas
11 minutes ago
[-]
I wonder why Apple doesn't 'just' delete the notification data associated with the app from the internal database when the user deletes the app? It seems like asking for problems to just keep old notification content around forever.
reply
alsetmusic
5 minutes ago
[-]
It's one of those problems where as soon as someone notices, it's crazy that no one noticed. I can't imagine this not being overhauled going forward. It's just a bad way to operate and now it's news.
reply
shalmanese
23 minutes ago
[-]
I thought Signal didn’t show message previews by default and you had to go in and enable it? I’ve never had message previews in my Signal and I don’t remember changing anything. Maybe when they introduced the feature, you could pick but they strongly suggested it not showing?
reply
frizlab
1 hour ago
[-]
Aren’t notifications supposed to be encrypted for Signal?
reply
shantara
1 hour ago
[-]
iOS stores the previously displayed notifications in an internal database, which was used to access the data. It’s outside of Signal’s control, they recommend disabling showing notification content in their settings to prevent this attack vector
reply
makosdv
1 hour ago
[-]
You can choose what to show in the notification and there is an option to include the message, so I'm guessing that allowed some unencrypted incoming messages to be read.
reply
frizlab
1 hour ago
[-]
Sibling comment explains. The notification does arrive encrypted and is decrypted by an app extension (by Signal), however, if the message preview is shown, it is stored unencrypted by iOS. It is that storage that is accessed.
reply
butvacuum
1 hour ago
[-]
it seems iOS will drop previews into an unencrypted section. which, Is how I expected iOS notification previews to work without unlocking the phone
reply
krisknez
56 minutes ago
[-]
This kind of vulnerability is not tied to Signal but all apps which send notification.
reply
etiam
1 hour ago
[-]
Also discussed yesterday, in https://news.ycombinator.com/item?id=47703573
reply
mnls
42 minutes ago
[-]
People who NEED to hide their notifications from iOS have this already disabled.

They rest who "evaluate their threat models" can practice Spy-life-gymnastics by disabling it from Signal.

reply
xandrius
26 minutes ago
[-]
Victim blaming?
reply
lenerdenator
1 hour ago
[-]
There needs to be a bit more "group chat" control in Signal messages, wherein you could enforce certain settings for certain chats regardless of the phone settings. You could have group chats that would enforce not showing more information in the notifications, while others would still allow it.
reply
preinheimer
55 minutes ago
[-]
This feels like it would run against the “I bought my device, I should control how it behaves” line of thinking.
reply
etiam
38 minutes ago
[-]
But it would be pretty well in line with the "I trust my contact with this communication, but only if they're not systematically misled to copy it to readily exploitable insecure storage" line of thinking.

Since the purposes of the program are pretty heavy on private communication, I'm inclined to think that takes precedence here, especially considering the consequences for dropping default message previews versus adding default reveal of supposedly private information.

reply
kome
49 minutes ago
[-]
smartphones in general runs against the “I bought my device, I should control how it behaves” line of thinking
reply
i_am_proteus
1 hour ago
[-]
Reminder that no end-to-end encryption arrangement can do anything before encryption, or after decryption, at the endpoints.
reply
windowliker
48 minutes ago
[-]
Right. It's purely a protection against MitM snooping. The app has to have the messages in plaintext to display to you via whatever mechanism the OS uses. Seems obvious, but also not, at the same time.

I've found other ways Signal can leak information, even with disappearing messages. It's not the total install-and-be-done privacy screen that some people think it is, and requires a little effort at the user end to fill in a few gaps.

reply
kome
48 minutes ago
[-]
signal is security theater, and a very bad user experience
reply
noman-land
34 minutes ago
[-]
Prove it.
reply
rainingmonkey
14 minutes ago
[-]
> very bad user experience

"To use the Signal desktop app, Signal must first be installed on your phone."

reply