macrumors bot
Original poster
Signal's Mac app displays recently received messages in the Notification Center on macOS, and this feature could compromise a user's disappearing private messages, as discovered by security researcher Alec Muffett and reported by Motherboard.

One of Signal's main advantages is its ability to send disappearing messages, so that after a predetermined amount of time the message is deleted from the app.

Muffett pointed out on Twitter this week that Signal's default Mac app settings somewhat defy this security measure due to the way Macs handle notifications. So, even if you send a self-destructing message within the Signal app, the messages remain on the recipient's Mac Notification Center, displaying your name and message details. Muffett was running macOS 10.13.4 and Signal version 1.9.0.


#HEADSUP: #Security Issue in #Signal. If you are using the @signalapp desktop app for Mac, check your notifications bar; messages get copied there and they seem to persist -- even if they are "disappearing" messages which have been deleted/expunged from the app. pic.twitter.com/CVVi7rfLoY - Alec Muffett (@AlecMuffett) May 8, 2018
Mac security researcher Patrick Wardle then investigated the issue further, discovering that the "deleted" Signal messages that remain in the Notification Center are saved on the Mac's disk inside the operating system. While this is true of any app that displays notifications, it's particularly troublesome for Signal users in need of high-level security, like government workers or journalists.

Any malicious third parties would still need to get their hands on your Mac to get into your message history, so as Motherboard pointed out, "this is not a major threat for most people." Still, this could be a major security risk for high-level Signal users, since this means that any disappearing messages that popped up in Notification Center can be recovered later, "even after they are gone within the Signal app."

Wardle summed up his findings:
In short, anything that gets displayed as a notification (yes, including 'disappearing' Signal messages) in the macOS Notification Center, is recorded by the OS.

If the application wants the item to be removed from the Notification Center, it must ensure that the alert is dismissed by the user or programmatically! However, it is not clear that this also 'expunges' the notifications (and their contents) from the notification database... I'm guessing not! If this is the case, Signal may have to avoid generating notifications (containing the message body) for disappearing messages...
Wardle said that Signal's iOS app does not appear to have a similar issue at this time, although the app "should be investigated." Of course, any Signal Mac user who is worried about potential privacy risks can navigate to Signal's Preferences menu on the top-left corner of the screen when the app is open, click Notifications, and "Disable notifications."

Article Link: Researchers Discover Flaw in Signal's Disappearing Messages Related to Mac Notification Center
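To make Wardle's point concrete, below is an added Python example (it is not code from the article, from Wardle, or from Signal) that opens the per-user Notification Center database and lists the message bodies stored for Signal. The database location and the layout of each stored record (a `record` table whose `data` column is a binary plist with an `app` bundle identifier and a `req` dict carrying the displayed `titl`/`body` strings) follow Wardle's write-up and are assumptions here, as is the Signal Desktop bundle identifier. It runs offline against a constructed copy of that schema; pass the real database path as the first argument to inspect a live Mac.

```python
"""Recover notification bodies from a macOS Notification Center database."""
import os
import plistlib
import sqlite3
import sys

# Bundle identifier of Signal Desktop for Mac (assumed; verify with
# `defaults read /Applications/Signal.app/Contents/Info.plist CFBundleIdentifier`).
SIGNAL_BUNDLE_ID = "org.whispersystems.signal-desktop"


def default_db_path():
    """Per-user Notification Center database on macOS 10.12+ (path as given in Wardle's write-up)."""
    user_dir = os.popen("getconf DARWIN_USER_DIR").read().strip()
    return os.path.join(user_dir, "com.apple.notificationcenter", "db2", "db")


def extract_notifications(conn, bundle_id=None):
    """Return (app, title, body) for each stored record, optionally for one app only.

    Assumed record layout: `record.data` is a binary plist whose top-level
    `app` key is the sender's bundle id and whose `req` dict holds the
    displayed `titl`/`subt`/`body` strings.
    """
    out = []
    for (blob,) in conn.execute("SELECT data FROM record"):
        try:
            rec = plistlib.loads(blob)
        except (plistlib.InvalidFileException, ValueError):
            continue  # not a plist we understand; skip rather than abort the sweep
        app = rec.get("app")
        if bundle_id is not None and app != bundle_id:
            continue
        req = rec.get("req") or {}
        out.append((app, req.get("titl"), req.get("body")))
    return out


def recover_signal_bodies(conn):
    """Message bodies Signal pushed to Notification Center, in storage order."""
    return [body for _, _, body in extract_notifications(conn, SIGNAL_BUNDLE_ID)]


def build_sample_db():
    """Constructed stand-in for the real database so the script runs offline.

    The schema is reduced to the columns read above; the three records mimic
    what Signal Desktop and another app would have written. Note that nothing
    here marks a record as expired: the OS keeps it until it is cleared.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE record (rec_id INTEGER PRIMARY KEY, app_id INTEGER, data BLOB)")
    records = [
        (1, {"app": SIGNAL_BUNDLE_ID,
             "req": {"titl": "Alice", "body": "meet at the usual place, 9pm"}}),
        (2, {"app": "com.apple.Safari",
             "req": {"titl": "Download complete", "body": "wallpaper.jpg"}}),
        (1, {"app": SIGNAL_BUNDLE_ID,
             "req": {"titl": "Alice", "body": "never mind, plans changed"}}),
    ]
    for app_id, payload in records:
        conn.execute("INSERT INTO record (app_id, data) VALUES (?, ?)",
                     (app_id, plistlib.dumps(payload, fmt=plistlib.FMT_BINARY)))
    conn.commit()
    return conn


if __name__ == "__main__":
    # With a path argument, read the live database read-only; otherwise use the sample.
    if len(sys.argv) > 1:
        conn = sqlite3.connect(f"file:{sys.argv[1]}?mode=ro", uri=True)
    else:
        conn = build_sample_db()
    for app, title, body in extract_notifications(conn, SIGNAL_BUNDLE_ID):
        print(f"{app}: {title}: {body}")
```

Run as `python3 notif_dump.py "$(getconf DARWIN_USER_DIR)com.apple.notificationcenter/db2/db"` on a Mac to check whether expired Signal messages are still present; any body printed there survived the in-app deletion. Opening the file read-only avoids altering the evidence, which matters if the check is part of an incident review rather than a curiosity.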
 
This is ridiculous. You need to assume that anything you send to someone has been read and potentially recorded. These "disappearing messages" are misleading and anyone who takes them for temporary is simply naive.
 
In short: Disable this feature, problem solved.

Lol, right. I wouldn’t trust any of these supposedly secure messaging systems. Just because they haven’t discovered an exploit yet doesn’t mean it’s not there and being exploited. Turning off features to patch security holes after they’ve been made public isn’t going to do you much good at all.
 
Lol, right. I wouldn’t trust any of these supposedly secure messaging systems. Just because they haven’t discovered an exploit yet doesn’t mean it’s not there and being exploited. Turning off features to patch security holes after they’ve been made public isn’t going to do you much good at all.

Feel free to check the source code yourself then if you doubt it.
 
I find it hilarious that someone can have the capacity and understanding of macOS to create a macOS app but somehow still doesn't understand that notifications are stored indefinitely in Notification Center until the user manually clears them out. Hilarious but also annoying. Please, Apple, can we please stop with the paper trails? I will never stop clearing (force quitting) my recent iOS apps and obsessively clearing Notification Center. They should auto-clear after about an hour in my opinion. I don't care about the wallpaper I downloaded, decided I didn't like, and deleted a month ago. What is the point in showing me a notification from a month ago?

Edit: If you disable the notifications for an app they're just hidden but if you re-enable them in Sys Prefs all the old notifications come back. They don't go anywhere. How great is that :) :) :) :) :) :) :)
 
...discovering that the "deleted" Signal messages that remain in the Notification Center are saved on the Mac's disk inside the operating system.

Saved on the disk inside the operating system? Was this article rushed?

Anyway, easy fix. Disable Signal notifications at the system level, and I'm sure an app update will be out soon to address this.
 
In short: Disable this feature, problem solved.
_____
I have tried with High Sierra to disable notifications and they keep coming back... reinstalled the OS and they keep coming back... I think the default should be OFF, unless the user wants it ON... but I only paid for the Mac... I don't really own it... Apple does.
 
_____
I have tried with High Sierra to disable notifications and they keep coming back... reinstalled the OS and they keep coming back... I think the default should be OFF, unless the user wants it ON... but I only paid for the Mac... I don't really own it... Apple does.
Are you saying you are unable to disable notifications?
 
This is ridiculous. You need to assume that anything you send to someone has been read and potentially recorded. These "disappearing messages" are misleading and anyone who takes them for temporary is simply naive.

I mean, I understand what you're saying (someone can simply take a screenshot of the messages, for example), but it's better to have some kind of deterrent than nothing at all.

They should auto-clear out after about an hour in my opinion.

Your suggestion is fine and I agree with having that, but it should at least be a toggle; I personally would be ticked off if that were to clear automatically after a set period of time.
 
Lol, right. I wouldn’t trust any of these supposedly secure messaging systems. Just because they haven’t discovered an exploit yet doesn’t mean it’s not there and being exploited. Turning off features to patch security holes after they’ve been made public isn’t going to do you much good at all.

You must be talking about WhatsApp, not Signal. Or you don't know what "open source" means.
 
I mean, I understand what you're saying (someone can simply take a screenshot of the messages, for example), but it's better to have some kind of deterrent than nothing at all.
Misleading "security" measures tend to lead to people behaving in riskier ways. Check out all of the actively counterproductive "VPNs" people are using now. Yes, I will avoid spying by ... sending all of my traffic through a single central point which can then spy on it. Brilliant!
You must be talking about WhatsApp, not Signal. Or you don't know what "open source" means.
Open-source is not a panacea when it comes to security. To wit, CVE-2014-0160 sat around for years in one of the most widely-used open-source projects before anybody noticed it. I don't think Signal itself has any problems like that, but the crypto libraries it uses might. Cryptography is nightmare math and is extremely easy to mess up. Subtle errors can lead to total system compromise. Things as simple as the amount of power the processor uses when encrypting and decrypting can wind up leaking data about the internal state which can be used to derive the keys involved.
 
Misleading "security" measures tend to lead to people behaving in riskier ways. Check out all of the actively counterproductive "VPNs" people are using now. Yes, I will avoid spying by ... sending all of my traffic through a single central point which can then spy on it. Brilliant!
So VPNs aren't real basically?
 
So VPNs aren't real basically?
For the vast, overwhelming majority of people, correct. They are useful to defend against very specific threats in very specific circumstances, and they require careful validation to be sure you aren't making yourself more vulnerable.

Now, "VPNs" in the general sense serve a useful business function, but that is unrelated to "VPNs" as most people know them.
 
For the vast, overwhelming majority of people, correct. They are useful to defend against very specific threats in very specific circumstances, and they require careful validation to be sure you aren't making yourself more vulnerable.

Now, "VPNs" in the general sense serve a useful business function, but that is unrelated to "VPNs" as most people know them.
Which is quite different from them basically not being something real.
 
Which is quite different from them basically not being something real.
Technically true, but meaningless. The average person substantially reduces their security and privacy if they use a VPN, particularly any service offered in the App Store. Several are known to mess with DNS and to inject ads into anything unencrypted they can.

So yes, VPNs are a real thing, but they don't do what the overwhelming majority of people think they do. Nor do they do what the majority of "VPN services" advertise.
 
Technically true, but meaningless. The average person substantially reduces their security and privacy if they use a VPN, particularly any service offered in the App Store. Several are known to mess with DNS and to inject ads into anything unencrypted they can.

So yes, VPNs are a real thing, but they don't do what the overwhelming majority of people think they do. Nor do they do what the majority of "VPN services" advertise.
But use of an actual VPN does what it should do. Whether or not various people might use an "actual" VPN or how or what they might use it for is a somewhat different part of it, given that all kinds of people can misuse all kinds of things anywhere and anytime basically.
 
But use of an actual VPN does what it should do. Whether or not various people might use an "actual" VPN or how or what they might use it for is a somewhat different part of it, given that all kinds of people can misuse all kinds of things anywhere and anytime basically.
You might want to take a look at my post you quoted to start this. My entire point is that people are misled into believing a VPN will make them more secure in certain ways, when it actually does the opposite. They are absolutely not real security for the overwhelming majority of the population.
 
You might want to take a look at my post you quoted to start this. My entire point is that people are misled into believing a VPN will make them more secure in certain ways, when it actually does the opposite. They are absolutely not real security for the overwhelming majority of the population.

That’s quite misleading. Yes, a VPN is problematic if you cannot trust whoever is running the VPN server (which isn’t necessarily the case at all — for instance, you yourself could be running the VPN).

But even then, a VPN still protects you from other snooping because all traffic gets encrypted and rerouted.
 
That’s quite misleading. Yes, a VPN is problematic if you cannot trust whoever is running the VPN server (which isn’t necessarily the case at all — for instance, you yourself could be running the VPN).

But even then, a VPN still protects you from other snooping because all traffic gets encrypted and rerouted.
No, it doesn't. It protects you from snooping between you and the VPN endpoint. After that, it's back in the clear. The endpoint's ISP can snoop on you all they want. And hey! Who is most likely to use this kind of system? People concerned about privacy, but gullible enough to fall for a "VPN service". Which makes their traffic more valuable.

As for evaluating whether you can trust the entity running the VPN endpoint, do you honestly think the general public is equipped to do that? I could use a prepaid credit card to pay for an Apple developer account and some AWS time, publish a free VPN application to the store, and lie about the "company" behind it. With whois privacy, how do you tell who actually owns it? How do you review it? How do you make sure they aren't just lying to you in their privacy policy?

I work in security and cryptography, and deal with real VPNs on a regular basis. I would not trust one with an endpoint I did not set up myself. Even then, as I said, I would only trust it for certain things. My cell network connection is more private in certain ways, and my hardwired connection is more private in other ways. You have to know an enormous amount about all of this to even begin to make a rational decision.

At this point, articles which recommend VPN services are considered by much of the cryptography community to be professional malpractice. "Features" like disappearing messages should be as well.
 
You might want to take a look at my post you quoted to start this. My entire point is that people are misled into believing a VPN will make them more secure in certain ways, when it actually does the opposite. They are absolutely not real security for the overwhelming majority of the population.
That's essentially the generalization I was commenting on.
 
That's essentially the generalization I was commenting on.

Yes, for a tiny fraction of the population with specific needs and deep knowledge of the tradeoffs, a VPN service can be legitimately useful.

And again, for the overwhelming majority (on the order of 99%) of the people who think they need a VPN, it actually reduces security and privacy.
 