Signal Is Finally Bringing Its Secure Messaging To the Masses [Andy Greenberg]

Dated Feb 14, 2020; last modified on Thu, 02 Sep 2021

Attracting the Masses

Brian Acton (WhatsApp cofounder) injected $50m into the Signal Foundation, allowing them to grow from 3 to 50 full-timers.

You’d think that, given Signal’s dominance, getting $$$ shouldn’t be a problem. But VCs expect a multiple return, and Signal doesn’t look like it will monetize soon.

Signal has added support for iPad, ephemeral images and video, downloadable customizable “stickers,” and emoji reactions. These features are meant to attract normal people.

It seems that people value convenience over security. Furthermore, good security, if done right, should be invisible. But then people won’t appreciate it. No wonder browsers resort to blatant privacy signalling, e.g. “Intelligent Tracking Prevention has blocked XX trackers on this site!” The same goes for Apple selling iPhones with privacy as a “feature”.

HN: Signal is still lagging in essential features, e.g. processing vCards, exporting/migrating chat history. Sometimes security hampers convenience, e.g. stripping metadata from photos.

Technical Hurdles

How complicated can downloadable customizable stickers be? Signal encrypts each sticker ‘pack’ with an encrypted key. The key is shared between users when a user wants to install new stickers on their phone. Signal’s server can identify neither the stickers, nor their creator, nor their sender.

For group messaging, Signal teamed up with Microsoft Research. Signal uses anonymous credentials that let a server gatekeep group members without learning the members' identities.

Signal acknowledged the need for an identifier other than a phone number in 2014. The technical infrastructure isn’t there yet. Secure Value Recovery is being touted as a potential solution:

Secure Value Recovery

Allows users to create address books on a Signal server. The address book is encrypted with a key stored in the SGX secure enclave. The enclave is meant to hide certain data from the rest of the server’s OS.

Signal Has a Fix for Apps' Contact-Leaking Problem. Andy Greenberg. Wired. https://www.wired.com/story/signal-contact-lists-private-secure-enclave/ . Sep 26, 2017.

Software Guard Extensions (SGX) is an Intel processor feature. The enclave runs code that the rest of the OS can’t alter. This code is signed with a unique key controlled by Intel. The signature can be used to verify that the code in the enclave hasn’t been tampered with.

A user shares contacts with Signal. In the secure enclave, Signal compiles a list of which of those contacts are known Signal users. Signal’s open-source server code is designed to erase the address book information immediately after processing it. Signal users can check that this code hasn’t been changed to somehow store the data instead.
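The check described above, as an added illustrative model (not Signal’s client code and not the real SGX quote format, which is more involved): the client recomputes the measurement of the audited open-source enclave build, verifies that the attestation signature comes from the trusted key, and only then treats the enclave as safe to receive contacts. It also covers the case the page implies but doesn’t spell out: a quote signed by the wrong key is rejected, not just one over modified code. All keys and enclave bytes are constructed stand-ins.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Quote is a simplified stand-in for an SGX attestation quote: the
// measurement (hash) of the enclave code plus a signature over it made
// with a key the client trusts (in SGX this trust is rooted in Intel).
type Quote struct {
	Measurement [32]byte
	Signature   []byte
}

// Measure hashes the enclave binary. The same bytes always give the same
// measurement, so a reproducible build of the open-source server code lets
// users compute the expected value themselves instead of trusting the server.
func Measure(enclaveCode []byte) [32]byte {
	return sha256.Sum256(enclaveCode)
}

// Attest is the platform side: produce a quote over the code actually running.
func Attest(signingKey ed25519.PrivateKey, enclaveCode []byte) Quote {
	m := Measure(enclaveCode)
	return Quote{Measurement: m, Signature: ed25519.Sign(signingKey, m[:])}
}

// VerifyQuote is the client side: accept the enclave only if the quote is
// signed by the trusted attestation key AND the measurement matches the build
// the user audited. On either failure the address book must not be sent.
func VerifyQuote(trusted ed25519.PublicKey, expected [32]byte, q Quote) bool {
	if !ed25519.Verify(trusted, q.Measurement[:], q.Signature) {
		return false // forged quote or untrusted signing key
	}
	return q.Measurement == expected // false means the enclave code was changed
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed attestation key pair
	audited := []byte("contact-discovery enclave v1: intersect, then erase") // constructed stand-in for the audited build
	expected := Measure(audited)
	fmt.Println("audited build accepted:", VerifyQuote(pub, expected, Attest(priv, audited)))
	tampered := []byte("contact-discovery enclave v1: intersect, then STORE")
	fmt.Println("tampered build accepted:", VerifyQuote(pub, expected, Attest(priv, tampered)))
}
```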

HN: Many cryptographers don’t believe SGX will be technologically reliable anytime soon.

Intel SGX is Vulnerable to Load Value Injection

LVI - Hijacking Transient Execution with Load Value Injection. Jo Van Bulck. https://lviattack.eu/ . https://lviattack.eu/lvi.pdf . Mar 10, 2020.

Poison a hidden processor buffer with attacker values.

Induce a faulting or assisted load in the victim program.

The attacker’s value is transiently injected into code gadgets following the faulting load in the victim program. In this short period, an attacker can arbitrarily hijack the control and data flow.

Before the processor detects the mistake and rolls back all operations, side channels may leave secret-dependent traces.