Signal under fire for storing encryption keys in plaintext
Signal's desktop app stores encryption keys in plaintext, risking data theft. Users' security responsibility increases post-data arrival. Despite criticism, Signal hasn't fixed the issue. Caution advised for desktop app usage.
Read original article
Signal's desktop application has come under scrutiny for storing encryption keys in plaintext, potentially exposing users to data theft. Cybersecurity researchers discovered that Signal's desktop app stores local chat history encryption keys in a plaintext file accessible by any process on the system. This flaw allows for the easy restoration of entire Signal sessions on different devices without detection. Signal's approach to end-to-end encryption focuses on protecting data in transit, shifting the responsibility for security to users once data reaches their devices. Despite past criticism and recommendations to improve security measures, Signal has not addressed the issue. Concerns have been raised about the security implications of storing encryption keys in plaintext, with suggestions for more cautious users to reconsider using the desktop version of Signal. The investigation also highlights similar encryption key storage issues in other applications like WhatsApp and Apple's iMessage, emphasizing the importance of securing locally stored data to prevent unauthorized access.
Related
EU Council has withdrawn the vote on Chat Control
The EU Council withdrew the vote on Belgium's Chat Control plan due to lack of support. Critics raised privacy concerns over monitoring chat messages and client-side scanning. Uncertainty looms as discussions resume post-summer.
EU cancels vote on private chat app law amid encryption concerns
The European Union cancels vote on law targeting child sexual abuse material over encryption concerns. Proposed measures involve scanning images on messaging apps, sparking privacy debates among member states. Negotiations ongoing.
OpenAI's ChatGPT Mac app was storing conversations in plain text
OpenAI's ChatGPT Mac app had a security flaw storing conversations in plain text, easily accessible. After fixing the flaw by encrypting data, OpenAI emphasized user security. Unauthorized access concerns were raised.
Reverse Engineering the Verification QR Code on My Diploma
The author attempts to reverse engineer a QR code on their diploma encrypted with RSA encryption. Challenges arise due to encryption complexities, Flutter app disassembly, and RSA key limitations, making decryption unfeasible.
ChatGPT's much-heralded Mac app was storing conversations as plain text
The Mac desktop app for ChatGPT by OpenAI stored user conversations as plain text, posing a security risk. OpenAI updated the app to encrypt chats after public scrutiny. Users should update for security.
2 commentsRelated
EU Council has withdrawn the vote on Chat Control
The EU Council withdrew the vote on Belgium's Chat Control plan due to lack of support. Critics raised privacy concerns over monitoring chat messages and client-side scanning. Uncertainty looms as discussions resume post-summer.
EU cancels vote on private chat app law amid encryption concerns
The European Union cancels vote on law targeting child sexual abuse material over encryption concerns. Proposed measures involve scanning images on messaging apps, sparking privacy debates among member states. Negotiations ongoing.
OpenAI's ChatGPT Mac app was storing conversations in plain text
OpenAI's ChatGPT Mac app had a security flaw storing conversations in plain text, easily accessible. After fixing the flaw by encrypting data, OpenAI emphasized user security. Unauthorized access concerns were raised.
Reverse Engineering the Verification QR Code on My Diploma
The author attempts to reverse engineer a QR code on their diploma encrypted with RSA encryption. Challenges arise due to encryption complexities, Flutter app disassembly, and RSA key limitations, making decryption unfeasible.
ChatGPT's much-heralded Mac app was storing conversations as plain text
The Mac desktop app for ChatGPT by OpenAI stored user conversations as plain text, posing a security risk. OpenAI updated the app to encrypt chats after public scrutiny. Users should update for security.