
Apple Resolves Vulnerability That Enabled FBI to Access Deleted Signal Messages
Apple has addressed a security issue that allowed the FBI to recover deleted messages from Signal via push notifications.
Tech giant Apple has addressed a security vulnerability that permitted the FBI to access deleted messages from a Signal user through their device’s push notification database, even after the app had been uninstalled and messages were set to vanish.
In a security notice released on Wednesday, Apple confirmed it had rectified a flaw that led to “notifications marked for deletion” being “unexpectedly retained on the device.”
In a post on X, Signal announced that the update resolved the issue that permitted law enforcement to recover users’ messages.
“Apple’s advisory confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release,” Signal stated.
Signal employs end-to-end encryption to safeguard messages exchanged between its users. This flaw serves as a reminder that message encryption does not by itself protect the readable copies of messages that a device or operating system may keep, such as cached notification previews.
[Image: Apple’s security patch notes. Source: Apple]
FBI Discovered a Backdoor to Private Messages
This security vulnerability was initially highlighted by independent tech news site 404 Media, which reported on April 9 on recently released documents in Texas federal court from an FBI case regarding an incident at Prairieland ICE Detention Facility last July.
The court documents revealed that the FBI managed to forensically extract a defendant’s Signal messages from the iPhone’s notification database, which stored cached, readable previews of incoming Signal messages even after disappearing messages were enabled and the app was deleted.
After the report from 404 Media, Signal President Meredith Whittaker urged Apple to address the matter swiftly, pointing out in an April 14 X post that “notifications for deleted messages shouldn’t remain in any OS notification database.”
Pavel Durov, the co-founder of rival privacy messaging platform Telegram, also voiced his thoughts on the issue, claiming in an April 14 Telegram post that the only way to ensure complete safety was for the app to “mandate the absence of notification previews” on both sides of a conversation.
