Signalgate, and NSA warnings about Signal vulnerabilities, highlight the inherent vulnerabilities in the EU’s latest interoperability rules 

By Jim Kohlenberger

These past couple of weeks have been a powerful reminder of the power of encrypted messaging apps, and of the equally significant harm to national security when someone unwittingly gains access to important private conversations.

With the sanctity of encrypted Signal messages brought into the mainstream conversation, policymakers globally need to look closely at two things: newly disclosed NSA warnings of an active Signal vulnerability that allows access to private chats when a third-party device is connected to Signal’s encrypted services, and a brand-new set of European Union rules that could further expand vulnerabilities by weakening safeguards when connecting encrypted messaging services to third-party devices.

In fact, we should all be concerned when one foreign actor (in this case Russia) is actively targeting popular encrypted messaging services as a high-value target, and another foreign actor (in this case the EU), albeit for well-meaning purposes, actively weakens the safeguards put in place by American innovators to protect the sanctity of encrypted messaging when connecting to third-party devices.

Here’s what is going on. As CBS recently reported, “NSA warned of vulnerabilities in Signal app a month before Houthi strike chat.” The NSA discovered and was proactively warning users about an actively exploited vulnerability in Signal’s end-to-end encrypted messaging apps, generally thought to be one of the world’s most robust and least vulnerable encrypted communication services. The NSA explains that the exploit enables malicious actors to surreptitiously add unknown linked devices, like an unknown phone or computer, to a chat conversation to allow the hacking groups “to view every message sent by the unwitting user in real time, bypassing the end-to-end encryption.” That’s especially concerning given what we are seeing play out at the highest levels of national security leadership. The hackers gain access by modifying a Signal app setting that grants other ‘linked’ devices access to chats. If a user has themselves ‘linked’ other devices they own to Signal, and a hacker gained access to one of those linked devices, the hacker could access the messages on that linked device too.

The problem arises with the “linked device” feature, which allows the Signal application to be used on multiple devices concurrently. It’s an important reminder that weaknesses in the way we connect and interoperate with third-party devices can create powerful new threat vectors that state actors can exploit for significant gains. The vulnerability allowed multiple Russia-aligned threat actors to actively target encrypted Signal messenger communications using a spoofed QR code, a feature that was originally intended as a simple and trusted way to connect an account to a third-party “linked device.” Among many interesting things about this exploit, it allows a malicious actor (whether a state actor, an intelligence officer, a corporate espionage operator, or even an inquisitive reporter) to surreptitiously add themselves and others to group chats without others knowing that, or how, they were added. No one has yet suggested that this exploit was used in the Houthi Signal chat to add a reporter, but the ability to enter a group chat of the highest-ranking US national security officials is exactly the kind of high-value target that state actors are going after.

The NSA is not alone. A Google Threat Intelligence report from February explains the way the exploit works in even more detail, describes the high-value nature of the targets, and warns that other popular encrypted messenger services are also active targets. It reports, “Signal’s popularity among common targets of surveillance and espionage activity—such as military personnel, politicians, journalists, activists, and other at-risk communities—has positioned the secure messaging application as a high-value target for adversaries seeking to intercept sensitive information that could fulfill a range of different intelligence requirements,” and says the concern extends to other “popular messaging apps… which are also being actively targeted by Russian-aligned threat groups using similar techniques.”

What is the relationship to the EU’s new interoperability rules? Given these dynamics and the high priority that foreign actors have placed on gaining access to popular messaging apps, it’s especially concerning that earlier this month the EU moved in a very different and potentially harmful direction when it comes to the interoperability of another popular encrypted messaging app and the security safeguards used when connecting to third-party devices. Under the well-meaning goal of advancing digital interoperability, the EU has nonetheless taken steps under its Digital Markets Act (DMA) to force mandatory interoperability into third-party connected devices, including other core encrypted messaging apps, without putting in place the necessary safeguards to protect security.

Specifically, in what is a global first, the EU’s DMA regulators have established an unusually detailed new set of rules, which apply to Apple and only Apple, detailing the way screen notifications and messages are processed and displayed on third-party devices. These rules appear to require Apple’s encrypted messenger to link to third-party devices in ways that also create new potential vulnerabilities. The challenges begin with obligations for how a third-party linked device is validated as trusted before being able to display messages and notifications. Signal, for example, used a QR code to link and validate third-party “linked devices,” which ended up allowing malicious QR code redirects to be used to add additional users to a group chat in order to listen in on encrypted communications, a weakness that Signal has now reportedly patched. The EU’s new rules, however, do not rely on a consistent and trusted existing mechanism. Instead, they allow any third-party developer to set up their own “linked device” validation method (what Signal uses its QR codes to do), which allows developers to introduce the same kinds of validation weaknesses that Signal has faced, especially at companies not as security-savvy or as expert in encryption as Signal.

Security technologist Bruce Schneier explains that if Signal has vulnerabilities like the one the NSA is warning about, then we need to “ensure that commercial smartphones are free of backdoors—access points that allow people other than a smartphone’s user to bypass the usual security authentication methods to access the device’s contents.” He says, “[a]s long as smartphones are in the pocket of every government official, police officer, judge, CEO, and nuclear power plant operator—and now that they are being used for what the White House now calls “sensitive,” if not outright classified conversations among cabinet members—we need them to be as secure as possible.” He’s right, but the EU seems intent on exacerbating the situation by weakening smartphone security for everyone.

For example, the rules now also require Apple to weaken core safeguards designed to protect user privacy, safety, and trust by disabling key security features to let other third parties access core features and encrypted user messages. Although the EU’s new rules say, “Apple is allowed to require that third-party developers encrypt the iOS notification before relaying it to the connected physical device,” the decryption and then re-encryption of communications quite simply busts open the inherent strength of end-to-end encryption: that it protects messages from origination to endpoint without being interrupted or decrypted anywhere along the journey. Breaking the existing secure system, for example, creates the potential for man-in-the-middle attacks (allowing clear unencrypted text to be obtained surreptitiously), creates new vulnerability vectors for enabling access to protected communications, and creates a new vector for malicious actors to gain access to encrypted chats through poorly designed validation methods. These new mandatory vulnerabilities are exactly the kind of security weaknesses that Russians and other countries have previously sought to exploit using a technique called “push notification spying” to intercept private messages.

This broad set of new problems could have and should have been avoided. The significant technical challenges EU regulators face in attempting to achieve interoperability for encrypted messaging apps have been well understood and well documented. For example, when the DMA’s interoperability provisions were first passed, cryptographic experts argued that moving forward without considering the technical complications is “mind numbingly foolish, privacy-destroying, encryption-busting, innovating-killing,” and “a literal nightmare for privacy and safety of E2E-Encrypted messengers.”

By forcing interoperability and new weaknesses into an already well-designed security architecture, a third-party connected application could potentially now intercept, store and monitor personal communications at scale. This makes an otherwise secure Apple ecosystem less secure through the introduction of unvetted hardware, software and permissions, and makes devices, apps and services easier to exploit.

It’s not just malicious state actors; we also need to be concerned about the unintended vulnerabilities that are likely to be introduced by third-party coders who are being given nearly unrestricted interoperable access under the EU’s interoperability rules. As has been pointed out before, under the guise of improving interoperability, the EU is taking major steps backwards when it comes to user trust and privacy, and doing so without exploring how to ensure its own DMA rules achieve interoperability with other EU obligations and goals.

For example, the Commission developed these new rules without adhering to the standard security practices that have been adopted throughout industry and captured in Chapter 2 of the EU’s own Cyber Resilience Act. The Commission’s consultation document that sought input on these rules never even specifically asked about the privacy or security implications of the design changes it is seeking to mandate, nor sought to explore how these rules would interoperate with other EU cybersecurity goals, and thus the Commission will be unable to foresee the broad types of privacy and security implications of its decisions.

These EU interoperability rules don’t just lead to new potential vulnerabilities for notification and message services, but will also likely expand a broad range of potential new connected-device vulnerabilities involving Wi-Fi, Bluetooth, NFC and other device interfaces. That creates potentially new issues for the national security agencies of EU Member States, without the EU even having consulted them in advance on the potential impacts.

The lack of a security review has left the EU with new rules that, for example, require Apple in some cases to provide third-party access to its hardware, “without restrictions on the deployment of third parties’ security measures.” At a time when policymakers are attempting to address a dynamically evolving global threat landscape, these challenges are further exacerbated because the rules also impede the ability to swiftly address and patch an actively exploited feature. Even if Apple discovers an actively exploited vulnerability, it is not allowed to “remove, disable, or otherwise make ineffective the interoperability solution,” and must instead go through an elaborate and potentially time-consuming process to address an active exploit, delaying potentially necessary security updates. This can be especially problematic because when a new zero day or other harmful exploit is found, it is often immediately addressed with a patch that disables a feature or access to the specific vector used by hackers to gain access. Delaying solutions is not the solution. What could possibly go wrong?

It’s one of the reasons that the European Commission now finds itself in a cyber security pickle, and why it should make greater use of DMA Article 10, which gives the EC discretion not to require actions that would harm public security.

At a time when the public is focused on the debate around the sanctity of encrypted messaging apps and the challenges created when presumed private conversations are exposed, policymakers need to continue to think hard and fast about why these secure systems are such high-value targets for hackers in the first place, and about the steps they need to keep advancing to harden, and not weaken, the robustness of their security.

Jim Kohlenberger is Co-Chair of Trusted Future and is a national technology and innovation policy leader who has served as technology policy advisor to two U.S. Presidents including as Chief of Staff for the Office of Science and Technology Policy.