Apple patches vulnerability that let FBI access deleted Signal conversations
The FBI exploited this vulnerability to retrieve readable Signal message previews from iPhone notification databases, even following app removal.
Apple, the technology behemoth, has resolved a security vulnerability that previously enabled the FBI to retrieve deleted messages from Signal users by accessing the push notification database on their devices, even when the application had been removed and messages were configured to auto-delete.
According to a security advisory published by Apple on Wednesday, the company addressed a vulnerability that caused "notifications marked for deletion" to be "unexpectedly retained on the device."
Through a post on X published Wednesday, Signal announced that the update successfully resolved the vulnerability that had made user messages accessible to law enforcement agencies.
"Apple's advisory confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release," Signal said.
The messaging platform Signal employs end-to-end encryption technology to safeguard communications between users. This vulnerability serves as a stark reminder that encryption of messages alone may prove insufficient for protecting user data when utilizing particular devices or operating systems.
FBI found a backdoor to private messages
The discovery of this security vulnerability came to light through 404 Media, an independent technology news outlet, which published a report on April 9 revealing that recently unsealed documents from a Texas federal court were connected to an FBI investigation concerning an attack on the Prairieland ICE Detention Facility that occurred last July.
Court documents from the proceedings revealed that FBI investigators had successfully conducted a forensic extraction of a defendant's Signal messages directly from the iPhone's notification database, which had stored cached, readable previews of received Signal messages even though disappearing messages had been activated and the application itself had been uninstalled from the device.
In response to the 404 Media investigation, Meredith Whittaker, who serves as Signal's President, urged Apple to expeditiously address the vulnerability, stating in an X post dated April 14 that "notifications for deleted messages shouldn't remain in any OS notification database."
Telegram co-founder Pavel Durov also weighed in on the report, contending in a Telegram post published on April 14 that achieving true safety would require applications to "force an absence of notification previews" on both ends of a conversation.