This week, security researchers have drawn attention to an interesting finding made while using Signal apps across multiple platforms.
When you or your contact reinstall the Signal app or switch over to a new device, the Signal safety number between you two may not always change.
The safety number is a feature of the app that helps users verify the security of their messages and calls with their contacts, and it is typically expected to change when either party reinstalls the app or switches devices.
Signal app does not always reset your safety number
End-to-end encrypted messaging apps like Signal have a security feature called a “safety number,” or a “security code,” sometimes represented as a QR code.
You and every contact of yours on Signal share a unique Safety Number (SN) that serves as the pair’s fingerprint and helps both contacts verify the privacy of their communications.
You or your contact can open the Signal app and tap each other’s names. Then tapping “Verify safety number” will show you what the safety number for your pair is.
The number is represented both in a human-readable numeric form and as a QR code:
Your Signal safety number is unique for every contact of yours (Signal)
Should either contact reinstall the messaging app, switch to a new handset, or change phone number, the safety number, and the QR code, are expected to change.
Or, at least that is what Signal’s documentation stated as of last month:
“The most common scenarios where a safety number advisory is displayed are when a contact switches to a new phone or re-installs Signal. However, if a safety number changes frequently or unexpectedly it may be a sign that something is wrong,” read Signal’s archived documentation, as of May 22nd, 2021.
But, security researchers Kelly Kaoudis, John Jackson, Sick Codes, and Robert Willis discovered that, when installing Signal on a new device and transferring their account over, the safety number between them and their contacts didn’t change. Nor were the contacts alerted about any safety number change.
In Kaoudis’ case, the researcher was surprised to learn that the safety number for herself and her contact remained unaltered.
Further, the researchers tested this behavior across multiple platforms currently supported by Signal, including Linux, OSX, Android, iOS, and Windows, and state that the safety numbers would not always change across these upon deletion and reinstallation of the Signal app, or when switching over to a different device.
In tests by BleepingComputer, uninstalling and reinstalling the Signal app on Android and iOS devices did reset the safety number, and the contacts were notified of the safety number change.
As such, BleepingComputer could not reproduce the issues described in the researchers’ report.
“Mid-May, I got a new phone. At the time I understood that with any change to the device or installation of either party in an existing chat with message history, the Signal chat safety number changes.”
“This used to be but (following an involved email back-and-forth with the Signal team over the course of a month) is no longer reflected in the Signal support documentation,” says Kaoudis.
Since their report of this issue to Signal, the researchers state that the issue was quietly resolved, claiming that Signal rolled out patches that they believe were responsible for resolving the issue.
Note, Signal has since revised their support documentation to read:
“The most common scenarios where a safety number advisory is displayed are when a contact switches to a new phone or re-installs Signal, but these actions don’t always result in a safety number change.”
So when and why do safety numbers change?
To understand the issue better, BleepingComputer reached out to Signal, specifically asking under what circumstances the safety numbers change, and when they do not.
Signal has told BleepingComputer that there have been no changes made to the source code that concern safety numbers.
Signal’s VP of Engineering, Jim O’Leary, further states that any updates made recently were part of normal maintenance updates, and explains why safety numbers may not change in all circumstances.
by design, SNs don’t change when doing a Signal device transfer or when making a linked device change, because the key material doesn’t change. we explained this several times and even added to our support article/FAQ. no behavior here has changed (2/2)
— jimio (@jimio) June 5, 2021
The subsequent responses by Signal to the researchers’ reports give us a better understanding of how Signal safety numbers work, when they change, and when they do not.
Signal’s CEO, Moxie Marlinspike, stepped in on Twitter to shed light on the circumstances under which safety numbers do not change:
“You tried (and reported) installing on a new device using Signal device transfer, and you tried cycling a linked device.”
“These do not result in SN change notifications, because the underlying key material has not changed, so there is nothing to warn,” explained Marlinspike.
By “key material,” Marlinspike is referring to what forms the basis of safety numbers and how they are generated, as explained in his 2016 and 2017 blog posts.
Furthermore, in the same Twitter conversation, Marlinspike adds that the researchers’ report covers a case of Signal device transfer, followed by the cycling of linked devices.
However, when uninstalling or reinstalling Signal on an unlinked device, the Safety Numbers are supposed to change; “this is how it always worked and was supposed to work.”
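To make the "key material" point concrete, here is a toy model (an added example, not Signal's code or its real fingerprint algorithm): each party's half of the safety number is an iterated hash of their long-term identity public key, so a device transfer that copies the key leaves the number unchanged, while a fresh install that generates a new key changes it. The hash construction, the 5200 rounds, the digit encoding and the random stand-in keys are all assumptions of this model.

```python
import hashlib
import secrets

ITERATIONS = 5200  # hash rounds; a constructed parameter for this toy model


def fingerprint_half(identity_pub: bytes, stable_id: bytes) -> str:
    """One party's half of the safety number: 30 decimal digits derived from
    their long-term identity public key and a stable identifier."""
    digest = hashlib.sha512(b"\x00\x00" + identity_pub + stable_id).digest()
    for _ in range(ITERATIONS - 1):
        digest = hashlib.sha512(digest + identity_pub).digest()
    # Six 5-byte chunks, each reduced to five decimal digits.
    return "".join(
        f"{int.from_bytes(digest[5 * i:5 * i + 5], 'big') % 100000:05d}"
        for i in range(6)
    )


def safety_number(my_pub: bytes, my_id: bytes, their_pub: bytes, their_id: bytes) -> str:
    """The pair's 60-digit number; halves are sorted so both sides see the same value."""
    halves = sorted([fingerprint_half(my_pub, my_id), fingerprint_half(their_pub, their_id)])
    return " ".join(halves)


def fresh_install(stable_id: bytes) -> dict:
    """Install on an unlinked device (or delete-and-reinstall): a new identity key
    is generated. secrets.token_bytes stands in for real key generation."""
    return {"id": stable_id, "identity_pub": secrets.token_bytes(32)}


def device_transfer(old: dict) -> dict:
    """Device transfer or linked-device change in this model: the key material is
    copied, so the identity key (and therefore the safety number) is unchanged."""
    return {"id": old["id"], "identity_pub": old["identity_pub"]}


def sn_between(a: dict, b: dict) -> str:
    """Safety number for the pair (a, b); symmetric in its arguments."""
    return safety_number(a["identity_pub"], a["id"], b["identity_pub"], b["id"])


if __name__ == "__main__":
    # Constructed sample identifiers, not real phone numbers.
    alice, bob = fresh_install(b"+15550000001"), fresh_install(b"+15550000002")
    before = sn_between(alice, bob)
    print("transfer keeps SN:   ", sn_between(device_transfer(alice), bob) == before)
    print("reinstall changes SN:", sn_between(fresh_install(alice["id"]), bob) != before)
```

The first check is the case the researchers hit (no change, no warning, because nothing cryptographic moved); the second is the unlinked reinstall that should produce a change advisory.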
Had Signal surreptitiously patched any of the issues described in the report, being open-source, their GitHub commit history would reveal the changes:
And if Signal “surreptitiously patched” things (to work the way they were designed to and always have), where is the commit? It’s OSS, should be easy enough to point out the line where this changed.
— Moxie Marlinspike (@moxie) June 5, 2021
The original purpose of safety numbers is to allow users to verify the security of their messages and calls with specific contacts.
“Each Signal one-to-one chat has a unique safety number that allows you to verify the security of your messages and calls with specific contacts.”
“Verification of safety numbers is a good security practice for sensitive communication. If a safety number has been marked as verified, any change must be manually approved before sending a new message.”
“This allows users to check the privacy of their communication with a contact and helps protect against any attempted man-in-the-middle attacks,” reads Signal’s support documentation.
Therefore, if the Safety Number between you and your contact changes and both of you get alerted, it is a good idea to verify that you are communicating with the intended person.
But, as Signal explains it, not all cases of app re-installation or migration lead to a safety number change, and that is no cause for concern.