In today’s world everyone is using messenger applications. Many users prefer using messengers that have strong encryption built-in for obvious reasons from confidentiality to hiding data from investigators. One such app used by messengers due to the confidentiality and privacy they provide. Signal is one of these messengers and has been labeled one of the most widely used, next to Telegram, used by people living in regions known for corruption.Signal is a messenger often used by security minded users; offering secure chats and calls.
Signal is a free open source application available for both iOS and Android mobile devices, PCs and Macs. It was Edward Snowden who called Signal the most reliable messenger in the world on his Twitter feed in 2015.
The application provides end-to-end encryption allowing users to send encrypted group and individual text messages, photos and video files, and make encrypted phone and video calls without being intercepted while in transit. The messenger uses the ZRTP cryptographic protocol and an AES (Advanced Encryption Standard) algorithm with a key length of 128 bits.
What makes it so secure
First, end-to-end encryption. Signal stores encryption keys only on the user's device, without sending them to the server. Thus, only the sender and the recipient are included in the process of information exchange.
Second, a secure encryption protocol. The main difference between Signal and its current competitors lays in reliable encryption algorithms. The security community is highly appreciative of the crypto scheme used by the messenger. Third, storing encryption keys in Android KeyStore. Android KeyStore, much like the iOS Keychain, is a storage location containing software and hardware encryption keys on devices running. The KeyStore is used by Java-programs to encrypt data, authenticate, and establish HTTPS connection.
Signal as a source of evidence
According to Signal developers, it is almost impossible to bypass Signal’s built in protections. However, data transmitted and received using Signal is often the key to the investigation so providing a solution to the decoding of this data is essential.
Oxygen Forensic® Detective enables extraction and decryption of encryption keys from the Android KeyStore on Android devices that are not using hw-backed keys in the encryption process. Due to this, access was made to the Signal encryption keys, which in turn, can be used to decrypt the app’s data.
With this decoding method, data uncovered consists of:
• User account information;
• Call logs;
• Chats;
• Attachments;
• Contact list;
• Group chat information;
• Cache