Can The FBI Hack Into Private Signal Messages On A Locked iPhone? Evidence Indicates Yes
The FBI appears to have a tool that can access Signal messages, even if a device is locked. (Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)
SOPA IMAGES/LIGHTROCKET VIA GETTY IMAGES
Signal has become the de facto king of secure messaging apps of late, stealing users from WhatsApp and gathering millions of others looking for private forms of communication. That means the police and governments will be wanting, more than ever, to ensure they have forensic techniques to access Signal messages. Court documents obtained by Forbes not only attest to that desire, but indicate the FBI has a way of accessing Signal texts even if they’re behind the lockscreen of an iPhone.
The clues came via Seamus Hughes at the Program on Extremism at the George Washington University in court documents containing screenshots of Signal messages between men accused, in 2020, of running a gun trafficking operation in New York. (The suspects have not yet entered a plea and remain innocent until proven guilty). In the Signal chats obtained from one of their phones, they discuss not just weapons trades but attempted murder too, according to documents filed by the Justice Department. There’s also some metadata in the screenshots, which indicates not only that Signal had been decrypted on the phone, but that the extraction was done in “partial AFU.” That latter acronym stands for “after first unlock” and describes an iPhone in a certain state: an iPhone that is locked but that has been unlocked once and not turned off. An iPhone in this state is more susceptible to having data inside extracted because encryption keys are stored in memory. Any hackers or hacking devices with the right iPhone vulnerabilities could then piece together keys and start unlocking private data inside the device.
A Signal spokesperson said: “If someone is in physical possession of a device and can exploit an unpatched Apple or Google operating system vulnerability in order to partially or fully bypass the lock screen on Android or iOS, they can then interact with the device as though they are its owner.
“Keeping devices up-to-date and choosing a strong lock screen passcode can help protect information if a device is lost or stolen.”
Counsel for the defendant in the New York case didn’t respond to messages. The Justice Department said it couldn’t comment.
GrayKey vs. Cellebrite
Forensic exploitation of devices affects any encrypted communications app, from WhatsApp to Wickr, not just Signal. What is apparent is that the government has a tool that can bypass encryption to get into what most people would assume are private messages. The question remains: What is that tool? It’s likely to be one of two popular iPhone forensics tools used by the FBI: the GrayKey or the Cellebrite UFED.