-
-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signal Desktop stores all received attachments unencrypted on filesystem #5751
Comments
There are platform-specific methods of securely storing key material (e.g. macOS keychain, gnome-keyring) where symmetric encryption keys could be stored for protecting files on disk, to avoid the issue of storing key material on the filesystem adjacent to the files the key protects (which would be pointless). |
Related to #5703 but not quite identical. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This issue has been closed due to inactivity. |
Closing still-relevant issues because of inactivity (on the part of the developers to whom they have been reported!) is bad form. It tells your users that they should stop donating time and effort to report issues if you're just going to ignore and autoclose them. This is still an active issue, and now it's closed. Telling me to FOAD would have been simpler. |
Agree this should be reopened ! Even if it's not a short term priority, this seems like a worthy security goal. Seems like it could also be a Good First Issue for other contributors to PR |
This would be a good feature to have, since we cannot assume security from OS in general. Considering data collection and the so much hacking going on with the OS recently. |
This should be a signal feature for every platform and not just Desktop. If data can be accessed so easy on other platforms as well. |
Should’ve treated as a high security issue, any local script with user privileges can access all attachements from all conversations! |
Note, this is reported as CVE: https://www.cve.org/CVERecord?id=CVE-2023-24069. But it seems not well defined as it is marked "non scriptable" and fixed in v6.2.0. |
This issue is way worse than expected! As some developers and security researches found out not only Signal Desktop is storing unencrypted images but also the encryption keys are stored plain text into a JSON file. These researched were able to clone their current Signal Desktop session to a VM with a simple python script they coded that probably just copy the entire Signal Desktop folder into another machine. The result is that a new session is added to the account without any notification or user warning. This is a huge security flaw and it must be addressed quickly, as of now I suggest to delete the entire Signal Desktop data from your machines, disconnect your account and wait for a fix. I will link down below all the references, thanks to everyone involved to these researches. https://x.com/mysk_co/status/1809287118235070662 |
This is scary bug, especially after the Apple M series chip bug has been known to expose the encrytion keys. |
This is a scary issue and it's been here since 2022!!! |
We have implemented support for a new attachment storage system here: 28664a6 Every attachment is encrypted with a unique per-attachment key that is locally stored in an encrypted SQLCipher database. The local database encryption key is also protected by the Electron safeStorage API which utilizes the system keystore provided by your operating system to restrict access and securely store the database encryption key on supported platforms. Existing attachments will be automatically migrated to the new storage system too. These updates will require a lot of testing before they start rolling out to more users. If you want to help us with the testing process now by compiling or running a pre-beta version of Signal Desktop, please use a test device in order to avoid any data loss throughout the process. We hope to have everything ready for a beta release in the next few weeks. You can find out how to join the Signal Desktop beta here. Thanks for your support! |
Bug Description
All received attachments are accessible unencrypted at
~/Library/Application Support/Signal/attachments.noindex/
.Steps to Reproduce
Actual Result:
Attachment is stored unencrypted in the filesystem.
Expected Result:
Attachment data is encrypted at rest.
Screenshots
Platform Info
Signal Version:
5.28.0 (intel)
Operating System:
macOS
Linked Device Version:
5.26.9.2
The text was updated successfully, but these errors were encountered: