Understanding Signal Messaging App Security: Is Encryption Enough?
In the last few weeks, it has been widely reported that members of the United States' National Security Team engaged in certain discussions that reportedly may have contained classified information and included a third party member of the press in the group. This has been publicly disputed by government officials.
I have avoided engaging in online discussion on this topic until the full details come out. Also as a cybersecurity professional I did not have anything particular to add to the narrative in real time.
Now that time has passed I feel strongly that this is a good time to provide you with some security basics. What I will discuss in this article today is: Is an end-to-end encrypted message application, such as Signal, a secure platform, and is strong encryption enough? In the end, the answer as always is: it depends on your threat model. This article will not exhaustively explore all possible threats.
Before diving into Signal’s security features, it’s essential to understand the concept of a ‘threat model.’ This refers to the potential risks you face, which can vary significantly depending on your circumstances. For example, a casual user’s threat model differs greatly from that of a journalist or government official. Understanding your threat model is critical to determining the appropriate security measures.
With that in mind, let’s lay out five (not exhaustive) key properties of a secure messaging platform. In a secure platform, messages are:
- protected in transit between the sender and the recipient without any eavesdropping in the middle
- not accessible in any form by any service provider or application developer
- protected from snooping government eyes leaning on the service provider or application developer via legal process
- not distributed to parties who are not supposed to see the message
- expired after period of time so that it is no longer available and is thus protected from disclosure
Let’s analyze how Signal addresses these security properties, without going into a full source code review. For each of the five security properties above, Signal:
- Yes, it uses end-to-end encryption, specifically the Signal Protocol, a well-regarded system where messages are encrypted on the sender’s device and can only be decrypted on the recipient’s device.
- Yes, as a by product of end-to-end encryption where the endpoint devices conduct the entire encryption and decryption process without any server involvement, messages are inaccessible to a middle provider unless, and only if, that provider were to have their key added as a recipient to the message
- Yes, to the extent that #2 holds, the service provider or application developer cannot be compelled to provide message content that they have no access to at all.
- Yes, to the extent that #2 and #3 hold, the message cannot be encrypted to a recipient that is not known to the sender’s messaging app at the time the message is sent.
- The disappearing message feature adds a layer of privacy, but it’s important to understand its limitations. Once a message is decrypted on the recipient’s device, it’s vulnerable to actions outside of Signal’s control, such as screenshots or someone physically viewing the screen.
While the content of Signal messages is strongly protected, it’s important to remember that metadata, such as who is communicating with whom and when, may still be accessible. Also, if a device is compromised physically, then all software based security, including end to end encryption, will be rendered useless. And metadata disclosure can be just as damaging as content disclosure in many circumstances, For example, it has been said that enemies on the battlefield have been targeted for drone strikes based on metadata alone without content.
Signal meets the key criteria for a secure messaging platform. However, that does not mean it is appropriate for all use cases. In particular, it is designed to be easy to add recipients to a conversation. This low barrier is an intentional design choice to make this appropriate as an every day communication application. Additionally, it is designed to treat messages as ephemeral (not archived forever) to the extent that is technically possible and thus may not match an organizational requirement to keep archival records of official business.
But the key take away from all this is that encryption alone, without more, cannot provide for a secure and appropriate messaging platform. If that messaging application is secure is a question about overall threat modeling and not a simplistic idea that encryption = security. If you, my dear reader, have made it to this end, you now know more about encryption and security than a great many people.
