It’s why Molly has local database encryption.
Comment on How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes
Ulrich@feddit.org 2 days ago
They weren’t talking about the server:
This app…works in almost exactly the same way as Signal, except that it also archives copies of all the messages passing through it, shattering all of its security guarantees.
OmegaSunkey@ani.social 1 day ago
0xD@infosec.pub 1 day ago
That doesn’t really do anything. Attackers need local access to the device to get the database itself. Chances are, they’ll get the key right with it.
HappyTimeHarry@lemm.ee 1 day ago
Molly encrypts it using a passphrase instead of a locally stored key for exactly that reason.
0xD@infosec.pub 1 day ago
The passphrase or the unencrypted database are still open in memory. Though that is, of course, a more complicated attack but they could simply read it through the app itself.
disguy_ovahea@lemmy.world 1 day ago
The only backup option I see for Signal is through Android, but it’s optional. There is no backup support for iOS or desktop.
ShittyBeatlesFCPres@lemmy.world 1 day ago
Later in the article, it talks specifically about the server-side archives being stored in plain text. That’s why the hacker was able to access messages. This isn’t about the local copies on phones.
Ulrich@feddit.org 1 day ago
Yeah I didn’t read past the misinformation
AbidanYre@lemmy.world 1 day ago
Kinda sounds like you’re the misinformation.
Ulrich@feddit.org 1 day ago
You’re confused, I am not the author of this article.
doodledup@lemmy.world 1 day ago
Maybe you should start reading up on stuff you don’t know about before adding nonsense to internet threads.
nekusoul@lemmy.nekusoul.de 1 day ago
This is now the third post in the last 24 hours where I stumble into a needlessly long thread because this user is completely obtuse and can’t handle being wrong or a different opinion.
Ulrich@feddit.org 1 day ago
Don’t know what you mean. I didn’t add any “nonsense”.