FBI Recovers Deleted Signal Messages from iPhone Notifications

Severity: Medium (Score: 51.9)

Sources: Rss.Slashdot, Risky.Biz, News.Ycombinator, Thecyberexpress

Summary

The FBI successfully extracted deleted Signal messages from an iPhone during a trial related to vandalism at the Prairieland ICE Detention Facility in Texas. The messages were retrieved from the device's internal notification storage, despite the Signal app being uninstalled. Testimony revealed that incoming messages could be preserved in the notification database, particularly if message previews were enabled. Only incoming messages were recoverable; outgoing messages were not stored in the same manner. This incident highlights a potential vulnerability in how iOS handles notification data, raising concerns for privacy-focused messaging apps. Security experts emphasize the importance of adjusting notification settings to prevent sensitive information from being stored. The case has drawn attention to the broader implications for privacy and data security on mobile devices. Neither Signal nor Apple provided comments on the notification handling process. Key Points: • FBI extracted deleted Signal messages from an iPhone using notification data. • Only incoming messages were recoverable; outgoing messages were not stored. • Users are advised to disable message previews in notifications for better privacy.

Key Entities

• Data Breach (attack_type)
• Zero-day Exploit (attack_type)
• Los Angeles Police (company)
• Russia (country)
• Venezuela (country)
• Adobe Reader (platform)
• IOS (platform)
• IPhone (platform)
• MacOS (platform)
• AuRevoir (tool)