signalapp / Signal-iOS

A private messenger for iOS.
https://signal.org
GNU Affero General Public License v3.0

Security issue: Signal backup is not deleted from server after PIN is disabled #5600

Open paulmillr opened 1 year ago

paulmillr commented 1 year ago

Bug description

Creating a PIN enables Secure Value Recovery, which backs up user data to SGX enclaves on the Signal server.

Disabling a PIN does not disable Secure Value Recovery, which means all user data backed up to Signal would be exposed in a SIM-swapping attack. That includes group chat names, timers, contacts.

Signal deletes the data on account deletion (https://github.com/signalapp/Signal-Server/blob/3e53884979c4b4e1de13b383a557f5675813c83d/service/src/main/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupClient.java#L55), so the functionality is already present on the server. A client just needs to call the API endpoint.

Steps to reproduce

Actual result: All user data should be deleted from SGX

Expected result: User data is not deleted from SGX

Device info

Device: iPhone 12

iOS version: 16.5

Signal version: 6.24

stale[bot] commented 11 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

paulmillr commented 11 months ago

no

orazioedoardo commented 9 months ago

Were you asked for the old PIN when registering the new device?

paulmillr commented 9 months ago

no

orazioedoardo commented 9 months ago

So data from Secure Value Recovery Storage Service was not recovered. I think groups also reappear when someone sends a message or some kind of low level status update to the group.

paulmillr commented 9 months ago

Why can't data in SVR just be deleted after the PIN is deleted?

orazioedoardo commented 9 months ago

Secure Value Recovery does not store actual user data, only the master key for Storage Service encrypted with the PIN. Data can't be deleted from Storage Service when the PIN is removed because Storage Service is used for Groups V2.

When the PIN is deleted, a random master key is generated on device and used to encrypt data sent to Storage Service, but this time the master key is not encrypted with a PIN and uploaded to Secure Value Recovery.
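The key flow described in this comment, as an added toy model that is not Signal's code and not part of the original thread. It simulates the SVR enclave as a dict, stands in PBKDF2 for the memory-hard PIN hashing and enclave-side guess limit SVR actually uses, and uses an HMAC-based encrypt-then-MAC construction in place of the real record encryption (all assumptions, labelled in comments). The point it shows is the one orazioedoardo makes: once the PIN is disabled the client rotates to a fresh random master key, so a stale wrapped key left behind in SVR no longer decrypts anything in Storage Service, even for someone who knows the old PIN.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumption: PBKDF2 stands in for the memory-hard PIN hashing and the
# enclave-side guess limit that Secure Value Recovery actually relies on.
PBKDF2_ITERS = 100_000


def new_master_key() -> bytes:
    """Fresh 32-byte Storage Service master key, generated on the device."""
    return os.urandom(32)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _pin_key(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERS, dklen=32)


def enable_pin(svr: dict, master: bytes, pin: str) -> None:
    """Wrap the master key under a PIN-derived key and deposit it in the simulated enclave."""
    salt = os.urandom(16)
    svr["backup"] = {"salt": salt, "wrapped": _xor(master, _pin_key(pin, salt))}


def storage_key(master: bytes) -> bytes:
    """Derive the Storage Service record key from the master key (toy KDF)."""
    return hmac.new(master, b"storage-service-record-key", hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt_record(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag (toy AEAD, not Signal's)."""
    nonce = os.urandom(16)
    ct = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_record(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the key is wrong (tag mismatch)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor(ct, _keystream(key, nonce, len(ct)))


def recover_with_pin(svr: dict, pin: str, blob: bytes) -> Optional[bytes]:
    """Fresh install: fetch the wrapped key from SVR, unwrap it with the PIN, decrypt the record."""
    backup = svr.get("backup")
    if backup is None:
        return None  # nothing in SVR, so nothing to recover
    master = _xor(backup["wrapped"], _pin_key(pin, backup["salt"]))
    return decrypt_record(storage_key(master), blob)


def disable_pin(old_master: bytes, blob: bytes) -> Tuple[bytes, bytes]:
    """Client behaviour as described in the thread: generate a new random master key
    and re-encrypt the Storage Service record under it. The SVR entry is left
    untouched on purpose, mirroring the report that it is not deleted server-side."""
    plaintext = decrypt_record(storage_key(old_master), blob)
    if plaintext is None:
        raise ValueError("old master key does not decrypt the record")
    new_master = new_master_key()
    return new_master, encrypt_record(storage_key(new_master), plaintext)


if __name__ == "__main__":
    svr = {}  # simulated enclave storage
    master = new_master_key()
    enable_pin(svr, master, "2468")
    record = encrypt_record(storage_key(master), b"group: Book club")  # constructed sample
    print("with PIN:", recover_with_pin(svr, "2468", record))
    rotated, record2 = disable_pin(master, record)
    print("stale SVR entry after PIN disabled:", recover_with_pin(svr, "2468", record2))
```

The stale entry is still worth deleting (it is a second copy of key material that serves no purpose), but the rotation is what limits the damage: the wrapped key in SVR only ever unlocks records that were encrypted under the key it wraps.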

paulmillr commented 9 months ago

So, if there is no more PIN, the groups are not encrypted and can be retrieved from the server?

orazioedoardo commented 9 months ago

> the groups are not encrypted and can be retrieved from the server?

I think groups are recovered through interaction with other group members, as said above, whereas they are recovered on install if you have the PIN. After all, members still see you in the group.

stale[bot] commented 6 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

paulmillr commented 6 months ago

no

stale[bot] commented 3 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

paulmillr commented 3 months ago

?

stale[bot] commented 1 week ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

paulmillr commented 1 week ago

Meh