• bassomitron@lemmy.world
    ↑17 · 6 days ago

    Phishing and also your commercial phone is definitely vulnerable. Look what groups like Salt Typhoon and their cohorts have been doing for years.

    • naeap@sopuli.xyz
      ↑2 ↓1 · 5 days ago

      Not saying that this isn’t a threat vector, but it’s not like my communications are automatically compromised, like with a bug or hacked Signal server infrastructure.

      • bassomitron@lemmy.world
        ↑6 · 5 days ago

        For sure, but the primary reason governments around the world keep their classified data off commercial networks is to mitigate risk vectors. The US is just being led by a bunch of fucking morons, so they don’t consider things like that. The encryption within Signal is perfectly sound, but top secret data has no business being on their servers or on unclassified, commercial phones.

      • 4am@lemm.ee
        ↑3 · 5 days ago

        Hacking a Signal server should yield zero useful results. Messages are encrypted on the phone before being sent. Signal servers only ever receive and retransmit encrypted blobs, never the plaintext. They, by design, do not have the keys to decrypt those messages. There might be metadata about who messages who and when, but I’m not 100% familiar with that part of it.

        Now, if you pwn the phone, on the other hand, you can record the display and log the keystrokes.

        • naeap@sopuli.xyz
          ↑1 · 4 days ago (edited)

          Yeah, exactly

          But when they say that Signal is hackable, there is quite a difference between a phishing attack and an actual hack of the infrastructure.

          And as you said, with E2E encryption that shouldn’t really be possible.
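
The relay model described in the comment above (phones encrypt, the server only stores and forwards blobs) can be sketched as follows. This is an added example, not code from the thread and not Signal's actual protocol: the HMAC-based cipher is a standard-library stand-in for a real AEAD, the shared key is assumed to be already agreed between the two phones, and `RelayServer`, `seal`, `open_sealed` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import os
import time

def _subkeys(key):
    # Separate encryption and MAC keys derived from the shared secret.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    """Sender's phone: encrypt, then authenticate (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def open_sealed(key, blob):
    """Recipient's phone: verify the tag first, then decrypt."""
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("blob was modified after sealing")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))

class RelayServer:
    """Holds no keys; keeps only the blob and what it needs to route it."""
    def __init__(self):
        self.queue = []
    def submit(self, sender, recipient, blob):
        self.queue.append({"from": sender, "to": recipient, "at": int(time.time()), "blob": blob})
    def breach_dump(self):
        return list(self.queue)  # everything an intruder on the server can read

def demo():
    shared_key = os.urandom(32)  # assumption: the two phones already agreed on this key
    server, msg = RelayServer(), b"meet at 0900"  # constructed sample message
    server.submit("alice", "bob", seal(shared_key, msg))
    return shared_key, server, msg
```

In this simplified model the server dump contains routing metadata and an opaque blob; only an endpoint holding the key can read or undetectably alter the message, which is why endpoint compromise and phishing are the relevant risks.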