Protection against Retroscope

signalapp / Signal-Android

A private messenger for Android.

https://signal.org

GNU Affero General Public License v3.0

25.62k stars 6.15k forks source link

Protection against Retroscope #5618

Closed vanitasvitae closed 7 years ago

vanitasvitae commented 8 years ago

I have:

[x] searched open and closed issues for duplicates
[x] read https://github.com/WhisperSystems/Signal-Android/wiki/Submitting-useful-bug-reports

Bug description

App seems vulnerable against Retroscope forensics tool: http://www.theregister.co.uk/2016/08/15/retroscope/

Are you going to do something against this?

nrizzio commented 8 years ago

I don't think there's anything they can do. Protection against this would probably have to come from the operating system - if we encrypted all data before storing it in RAM, we have to store that key somewhere in RAM, too.

Besides, this is a highly targeted attack, requiring someone to take your phone from you and image your RAM. I would presume that the people most vulnerable because of this kind of attack would also be aware of it and how to mitigate it.