Open paulmillr opened 1 year ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
no
Were you asked for the old PIN when registering the new device?
no
So data from Secure Value Recovery Storage Service was not recovered. I think groups also reappear when someone sends a message or some kind of low level status update to the group.
Why can't data in SVR just be deleted after the PIN is deleted?
Secure Value Recovery does not store actual user data, only the master key for Storage Service encrypted with the PIN. Data can't be deleted from Storage Service when the PIN is removed because Storage Service is used for Groups V2.
When the PIN is deleted, a random master key is generated on device and used to encrypt data sent to Storage Service, but this time the master key is not encrypted with a PIN and uploaded to Secure Value Recovery.
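The key relationships described in the two comments above, as an added toy model that is not Signal's code: the Storage Service holds data encrypted under a master key, SVR holds that master key wrapped under a PIN-derived key, and removing the PIN swaps in a fresh random master key without uploading anything new to SVR. PBKDF2 and an HMAC-based encrypt-then-MAC scheme stand in for Signal's real PIN hardening and AEAD; `SignalModel`, `seal`, `open_` and the sample group data are constructed for this example.

```python
import hashlib, hmac, os

def kdf_from_pin(pin: str, salt: bytes) -> bytes:
    # Stand-in for Signal's PIN hardening: stretch the PIN into a 32-byte key.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000, 32)
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()  # domain-separated subkeys

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a toy PRF stream (stand-in for a real AEAD).
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; layout is nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
def open_(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        return None  # wrong key (or tampering): authentication fails, nothing is decrypted
    return bytes(a ^ b for a, b in zip(ct, keystream(_subkey(key, b"enc"), nonce, len(ct))))

class SignalModel:
    # Toy model of one client plus the two services named in the thread (constructed).
    def __init__(self):
        self.master_key = os.urandom(32)
        self.storage_blob = None  # Storage Service: data encrypted under master_key
        self.svr_entry = None     # SVR: (salt, master_key wrapped under the PIN key)
    def upload_storage(self, data: bytes):
        self.storage_blob = seal(self.master_key, data)
    def set_pin(self, pin: str):
        salt = os.urandom(16)
        self.svr_entry = (salt, seal(kdf_from_pin(pin, salt), self.master_key))
    def remove_pin(self, data: bytes):
        # As described above: a fresh random master key is generated and Storage Service
        # data re-encrypted under it; nothing new goes to SVR, the old entry is left as is.
        self.master_key = os.urandom(32)
        self.upload_storage(data)
    def recover(self, pin: str):
        # Fresh install knowing only the PIN: unwrap the key from SVR, then open storage.
        if self.svr_entry is None:
            return None
        salt, wrapped = self.svr_entry
        mk = open_(kdf_from_pin(pin, salt), wrapped)
        return None if mk is None else open_(mk, self.storage_blob)
```

After `remove_pin`, the stale SVR entry still unwraps to the old master key, but that key no longer authenticates the current Storage Service blob, so `recover` returns `None`.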
So, if there is no more PIN, the groups are not encrypted and can be retrieved from the server?
the groups are not encrypted and can be retrieved from the server?
I think groups are recovered through interaction with other group members, as said above, whereas they are recovered on install if you have the PIN. After all, members still see you in the group.
no
?
Meh
Bug description
Creating a PIN enables Secure Value Recovery, which backs up user data to SGX enclaves on the Signal server.
Disabling a PIN does not disable Secure Value Recovery, which means all user data backed up to Signal would be exposed in a SIM-swapping attack. That includes group chat names, timers, and contacts.
Signal deletes the data on account deletion (https://github.com/signalapp/Signal-Server/blob/3e53884979c4b4e1de13b383a557f5675813c83d/service/src/main/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupClient.java#L55), so the functionality is already present on the server. A client just needs to call the API endpoint.
Steps to reproduce
Actual result: All user data should be deleted from SGX
Expected result: User data is not deleted from SGX
Device info
Device: iPhone 12
iOS version: 16.5
Signal version: 6.24