Comment on How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes
OmegaSunkey@ani.social 1 month agoIt’s why Molly has local database encryption.
Comment on How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes
OmegaSunkey@ani.social 1 month agoIt’s why Molly has local database encryption.
0xD@infosec.pub 1 month ago
That doesn’t really do anything. Attackers need local access to the device to get the database itself. Chances are, they’ll get the key right with it.
HappyTimeHarry@lemm.ee 1 month ago
Molly encrypts it using a passphrase instead of a locally stored key for exactly that reason.
0xD@infosec.pub 1 month ago
The passphrase or the unencrypted database are still open in memory. Though that is, of course, a more complicated attack but they could simply read it through the app itself.
HappyTimeHarry@lemm.ee 1 month ago
You can set it to wipe them from memory on different conditions, including instantly if youre that paranoid, sure its still possible. Its an optional feature most people wont use, but its pretty well thought out.