The Signal Chat Leak and the NSA

Bruce Schneier (March 31, Hacker News):

“I didn’t see this loser in the group,” Waltz told Fox News about Atlantic editor in chief Jeffrey Goldberg, whom Waltz invited to the chat. “Whether he did it deliberately or it happened in some other technical mean, is something we’re trying to figure out.”

Waltz’s implication that Goldberg may have hacked his way in was followed by a report from CBS News that the US National Security Agency (NSA) had sent out a bulletin to its employees last month warning them about a security “vulnerability” identified in Signal.

The truth, however, is much more interesting. If Signal has vulnerabilities, then China, Russia, and other US adversaries suddenly have a new incentive to discover them. At the same time, the NSA urgently needs to find and fix any vulnerabilities quickly as it can—and similarly, ensure that commercial smartphones are free of backdoors—access points that allow people other than a smartphone’s user to bypass the usual security authentication methods to access the device’s contents.

There’s a debate over whether the information shared constituted “war plans” and whether it was technically classified. But putting that aside, there are some interesting privacy and design questions here. Did they use Signal simply because it’s more convenient than the official government system? Because they didn’t trust the government system? Because they wanted to evade record-keeping requirements?

Did Waltz add Goldberg by mistake, e.g. picking the wrong name in auto-complete, in which case maybe there was someone intended to be in the chat who never actually got added? Did he add Goldberg on purpose, to sabotage, without knowing it would be traced back to him? If, as he insists, he never met or communicated with Goldberg, how did the number get into his phone? Can they really figure out whether Waltz did it and where the phone number came from?

It has always seemed to me that the privacy danger with systems like Signal and iMessage is not that someone would be able to decrypt the messages but that there would be a vulnerability that allows covert participants to be injected into the conversation, i.e. become part of the E2EE group. But if there is such a vulnerability in Signal, it’s hard to see why an adversary country or rogue elements within the NSA would want to waste it in this manner. It’s got to just be a mistake.

I was thinking about how this might have worked differently with iMessage. Would iOS ever look up Goldberg’s name or address or would he only show up as a phone number for participants who didn’t have him in their contacts?

The main issue with iMessage is that I don’t trust the device added to your account notifications. I get these all the time, and they’re seemingly unrelated to when I’m actually logging into iMessage or updating a device that uses it. Even assuming that there’s no way to add a device to an iMessage account without triggering this alert, device names can be spoofed and I don’t see how I would be able to detect if someone removed a device that I don’t frequently use and added a fake device with the same name. Without checking the serial number (which itself could perhaps be spoofed) or checking that the original device was still logged in, how do you know that the listed devices are what they claim to be? And how many people even check the device list every time this notification pops up?

Hugo Lowell (April 6, via Hacker News):

According to three people briefed on the internal investigation, Goldberg had emailed the campaign about a story that criticized Trump for his attitude towards wounded service members. To push back against the story, the campaign enlisted the help of Waltz, their national security surrogate.

Goldberg’s email was forwarded to then Trump spokesperson Brian Hughes, who then copied and pasted the content of the email – including the signature block with Goldberg’s phone number – into a text message that he sent to Waltz, so that he could be briefed on the forthcoming story.

Waltz did not ultimately call Goldberg, the people said, but in an extraordinary twist, inadvertently ended up saving Goldberg’s number in his iPhone – under the contact card for Hughes, now the spokesperson for the national security council.

[…]

According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.

This seems plausible, though it’s unclear to me how they were able to track down this history with any certainty. I don’t think we can discount the possibility that Waltz really did know Goldberg. But the data detectors explanation does have the advantage of explaining both how Golberg’s number got into his phone and how he inadvertently added Goldberg to the conversation without realizing his mistake. His phone, I guess, would have shown Hughes’ name in the conversation.

Previously:

• US Officials Recommend Encrypted Messaging Apps
• Criticism of Signal
• Beeper’s Final Fixes and Government Investigations
• Google Accused of Violating Retention Obligations
• Turning Off Apple Data Detectors in Mail

Artificial Intelligence Contacts Design iMessage iOS iOS 18 iOS App National Security Agency (NSA) Privacy Signal

Comments RSS · Twitter · Mastodon

Leave a Comment

Name

E-mail (will not be published)

Web site

Δ