Read on Twitter
My point of view:
1) @signalapp end-to-end encryption is not broken and works great
2) @Cellebrite didn’t claimed they are able to break the end-to-end encryption. They said they are able to decrypt the local database on Android and iOS.
1) @signalapp end-to-end encryption is not broken and works great
2) @Cellebrite didn’t claimed they are able to break the end-to-end encryption. They said they are able to decrypt the local database on Android and iOS.
3) Local dB decryption was already studied on Android, iOS and Windows PC.Various articles are available online (for example by @ElcomSoft and here https://github.com/Magpol/HowTo-decrypt-Signal.sqlite-for-IOS)
4) Of course you need physical possession of the device but You don’t always need the device to be unlocked
4) Of course you need physical possession of the device but You don’t always need the device to be unlocked
For example, on various Android devices you can obtain a physical or a full file system dump also when locked, or possibly there are solutions to brute force/attack the code. In those cases @signalapp dB can be extracted and decrypted also without the need of knowing the passcode
5) Using disappearing messages, deleting your chats and media, securing the app with a pin are all good countermeasures to reduce the chance of recovering data but depending on the devices traces of app usage and other data can be left around
