Court documents show FBI may have tool to access private Signal messages on locked iPhones
Court documents from a recent gun-trafficking case in New York suggest the FBI may have developed a way to access texts on Signal, the encrypted messaging app that has risen in popularity in recent months for its secure communication.
The court documents, filed by the Justice Department and obtained by Forbes, showed screenshots of Signal messages between men allegedly discussing an illegal weapons trade and attempted murder.
The screenshots reportedly showed metadata indicating that Signal had been decrypted on their phone when the device was in a certain state called “partial AFU,” which stands for “after first unlock.” In this state, iPhones are more vulnerable to having their data extracted.
For law enforcement to access private Signal messages from an iPhone, it usually must be in AFU mode. Still, a phone’s vulnerability will depend heavily on how up to date it is.
Still, it remains unclear what tools the FBI would use to bypass encryption. Two of the most prominent iPhone forensics tools used by the agency are GrayKey and Cellebrite.
Vladimir Katalov, founder of the Russian forensics company ElcomSoft, told Forbes he believes GrayKey was the tool that the FBI used in the gun-trafficking case.
“It uses some very advanced approach using hardware vulnerabilities,” Katalov said.
Signal, like other encrypted messaging apps, are seeing huge upticks in downloads from Apple's and Google's app stores as users spurn the Facebook-owned WhatsApp.
Mobile app analytics firm Sensor Tower said last month that Signal saw 17.8 million app downloads on Apple and Google during the week of Jan. 5 to Jan. 12 – 61-fold increase from just 285,000 the previous week. Telegram, an already popular messaging app for people around the world, saw 15.7 million downloads in the Jan. 5 to Jan. 12 period, roughly twice the 7.6 million downloads it saw the previous week.
The screenshots reportedly showed metadata indicating that Signal had been decrypted on their phone when the device was in a certain state called “partial AFU,” which stands for “after first unlock.” In this state, iPhones are more vulnerable to having their data extracted.
For law enforcement to access private Signal messages from an iPhone, it usually must be in AFU mode. Still, a phone’s vulnerability will depend heavily on how up to date it is.
Still, it remains unclear what tools the FBI would use to bypass encryption. Two of the most prominent iPhone forensics tools used by the agency are GrayKey and Cellebrite.
Vladimir Katalov, founder of the Russian forensics company ElcomSoft, told Forbes he believes GrayKey was the tool that the FBI used in the gun-trafficking case.
“It uses some very advanced approach using hardware vulnerabilities,” Katalov said.
Signal, like other encrypted messaging apps, are seeing huge upticks in downloads from Apple's and Google's app stores as users spurn the Facebook-owned WhatsApp.
Mobile app analytics firm Sensor Tower said last month that Signal saw 17.8 million app downloads on Apple and Google during the week of Jan. 5 to Jan. 12 – 61-fold increase from just 285,000 the previous week. Telegram, an already popular messaging app for people around the world, saw 15.7 million downloads in the Jan. 5 to Jan. 12 period, roughly twice the 7.6 million downloads it saw the previous week.
