The Signal App's Controversy: Unencrypted Keys Draw Elon Musk's Attention

The desktop version of the encrypted messaging app Signal has historically stored encryption keys in plaintext. When encrypted messages arrive at the client, they are decrypted using this key. However, this also means any software can potentially read and use these plaintext keys to decrypt users' messages.

This issue was first identified in 2018 and reported to Signal, but the response was dismissive. The company insisted that its security protocols were sound and that storing keys in plaintext was not a security flaw.

Recently, the issue resurfaced on social media platforms X/Twitter, catching the attention of Elon Musk, a long-time advocate for using Signal for encrypted communication.

Musk commented: "It's odd that Signal has a known, unresolved vulnerability." While he did not specify, it's clear the vulnerability he referred to involves the storage of encryption keys in plaintext.

Despite Musk's concern, Signal's president responded by denying any known vulnerabilities that needed fixing, effectively dismissing the plaintext key storage as a non-issue.

But is it really a non-issue? Clearly, this is a case of denial. Following the public attention, Signal developers began working on modifying the encryption mechanism, testing a secure storage system on macOS that requires user authorization to access keys within the sandbox.

To facilitate a smooth transition, Signal developed a fallback mechanism allowing the client to decrypt the database using old database keys. Signal stated this method would enable users to recover all previous conversation messages using old credentials if they encountered any issues.

After completing the transition, the old keys will be permanently deleted. This means that in the future, Signal will not be able to directly view key information, nor will other software, including malware, be able to use these keys to decrypt user conversations.

Six years in, this issue is finally being addressed, raising questions about Signal's initial dismissal. Why did it take Elon Musk's attention to prompt action on an issue Signal claimed was non-existent? This approach by Signal has been widely criticized as irresponsible.