×

An Unexpected Vulnerability in the iPhone Opens the Door to Spying on Conversations

News 5 hours ago

For years, both Telegram and Signal have sat on the throne of messaging apps as the safe and final refuge for those seeking privacy and end-to-end encryption. Over time, a common belief has taken root that deleting messages or even removing the app from the phone is enough to permanently erase any trace of conversations. However, recent investigations have revealed a vulnerability in the iPhone that allows access to parts of messages indirectly, without the need to hack the app or break the encryption. In this article, we review the details of this vulnerability, how it can affect your privacy, and most importantly, what you can do to secure your conversations and prevent spying.

From Phonegram: A smartphone displaying the Signal app logo on its screen, placed on a wooden surface next to a closed notebook - highlighting protection against message spying and security vulnerabilities.

A Vulnerability in the iPhone

From Phonegram: A hand holding a smartphone displaying app notifications and digital locks, with blurred FBI logos in the background and rotating orange light effects above the phone, highlighting security vulnerabilities that could lead to message spying.

The story began when the FBI was able to access incoming messages from the Signal app on an iPhone belonging to a suspect, even though the app itself had been deleted from the device. This was not the result of breaking encryption or hacking servers, but rather due to an unexpected vulnerability: the iOS notification system.

Where Does the Problem Lie?

From Phonegram: A smartphone displaying a Signal app notification is wrapped in red warning tape, indicating that messages are a vulnerable point, placed on a wooden surface.

When you receive a message via any app, the iPhone operating system displays a portion of it within notifications, whether on the lock screen or in the Notification Center. This data does not always disappear once the app is deleted; rather, it may remain stored within the system’s databases for a certain period. This is where the vulnerability lies: even if the app relies on end-to-end encryption, the content of the messages may remain visible outside the app itself, specifically within the notification log.

In other words, encryption protects messages during transit, but it does not prevent them from appearing as plain text if the phone’s settings allow it.

What Were They Able to See?

From Phonegram: Two FBI agents in tactical gear standing next to a black SUV, facing away from the camera, investigating a case involving an iPhone vulnerability and concerns about phone security.

It can be said that the investigators were unable to access the messages sent by the phone owner, but they were able to view the messages received by them—the other side of the conversation. This alone is enough to reveal half the story, and sometimes the entire story.

What Is the Solution?

10 ways to improve call quality on your iPhone

This issue is not a complex vulnerability but rather the result of a default setting that most users prefer for ease of use. You can simply reduce this risk by controlling notification content within the app itself. In Signal, for example, you can prevent the message text or even the sender’s name from appearing in notifications. However, this comes at a price, as you will lose the feature of quickly knowing the message content without opening the app, which some may find annoying during daily use. Nevertheless, protecting privacy must come at the expense of your convenience.

Is the Problem Limited Only to Signal?

From Phonegram, a hand holding a smartphone with the WhatsApp logo, against a background of a digital world map and two masked figures, signaling a hacking campaign involving spyware.

The answer is no. Any app that displays message content within notifications can face the same scenario. Therefore, it is best to review the settings of all messaging apps you use, and not just change the settings in Signal or Telegram alone.

As for WhatsApp users, another disaster is looming. Pavel Durov, the founder of Telegram, stated that the app, owned by Meta, is the biggest user scam in history. Durov based his accusation on lawsuits alleging the existence of backdoors that allow app employees and third parties to bypass the encryption system and read users’ private messages. Although WhatsApp rushed to deny these allegations entirely, describing them as ridiculous and completely false, the seeds of doubt have been sown, prompting many to seriously consider migrating to more transparent alternatives.

Even Telegram, which claims to be the strongest in protection and privacy, is not immune to security vulnerabilities. A vulnerability was recently discovered within the app that could lead to exposing users’ IP addresses, helping to track them and determine their geographical locations with ease.

Finally, in a world where governments and companies compete to collect user data, relying on promises of end-to-end encryption is no longer enough. Digital security has become a personal responsibility that requires deep awareness and a precise understanding of how to enhance privacy and secure your sensitive data; otherwise, a fleeting message on an iPhone lock screen might be the vulnerability that tears down your wall of privacy.

Will you change your settings after this information, or do you think it is an exaggeration? Let us know in the comments!

Source:

404media

Leave a Reply