Signal Data Recovered From iPhone
Investigators recovered deleted Signal messages from an iPhone not by breaking encryption but by extracting message fragments stored in notification logs, exposing an endpoint‑configuration weakness. (forbes.com) Security coverage stresses that disabling lock‑screen notification previews or adjusting app settings can block the leak, underscoring that secure messaging depends on the whole device stack, not only app encryption. (digitaltrends.com)
Signal is still doing the hard part right: it scrambles messages so only the sender’s phone and the receiver’s phone can read them. In this case, investigators did not open that scrambled channel at all; they pulled plain-text fragments from the iPhone’s own notification records after the messages had already arrived. (forbes.com) A notification preview is the little snippet that pops onto the lock screen before you unlock the phone. On an iPhone, that preview is handled by the operating system, which means the phone can end up storing part of the message outside Signal’s encrypted chat history. (forbes.com) That is why disappearing messages did not fully disappear here. The timer can erase a chat inside Signal, but it does not automatically erase every copy the phone’s notification system may have kept when the alert first arrived. (forbes.com) The clue that points to notifications is simple: investigators reportedly recovered incoming messages, not outgoing ones. Incoming texts create lock-screen alerts, while outgoing texts usually do not create the same kind of preview on your own device. (forbes.com) Even deleting the Signal app did not wipe that trail. Reporting on the case says the useful data lived in an iPhone notification storage area, so removing the app left behind the operating system’s record of what had flashed on screen earlier. (digitaltrends.com) This is less like cracking a safe and more like finding carbon paper in the desk drawer next to it. The safe stayed locked, but a readable copy had been made by another part of the system that was designed for convenience, not secrecy. (forbes.com) Apple already gives iPhone users a switch for this. In Settings, you can go to Notifications, choose an app, tap Show Previews, and set previews to “When Unlocked” or “Never” instead of “Always.” (support.apple.com) Security coverage of the case says that one settings change blocks the easiest version of this leak, because the lock screen stops displaying the message body in the first place. If the phone never shows the snippet, there is far less useful text for a notification log to preserve. (digitaltrends.com) The bigger lesson is that encrypted apps ride on top of a much larger machine made by Apple and configured by the user. If the phone is set to trade privacy for convenience at the lock screen, the strongest chat app in the world cannot stop that trade from happening. (forbes.com)
