Signal Phone Numbers Exposed in Twilio Hack

Twilio was hacked earlier this month, and the phone numbers of 1,900 Signal users were exposed:

Here’s what our users need to know:

  • All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected.
  • For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio. 1,900 users is a very small percentage of Signal’s total users, meaning that most were not affected.

We are notifying these 1,900 users directly, and prompting them to re-register Signal on their devices.

If you were not notified, don’t worry about it. But it does bring up the old question: Why does Signal require a phone number to use? It doesn’t have to be that way.

Posted on August 23, 2022 at 6:30 AM • 25 Comments

Comments

Alan August 23, 2022 6:54 AM

I’m guessing Signal wants your phone # so they can connect users with each other using the existing contact info on their phones. This allows Signal to show you a list of your existing contacts that are also on Signal, and makes it easier for you to find and communicate with them. Signal also prob has some mechanism of verifying your cell #, which makes it harder for an attacker to impersonate you. If Signal instead used a unique Signal-only user ID, then you would have to txt or email that user ID to each person you wanted to communicate with via Signal, which would then make Signal more vulnerable to impersonation and phishing attacks.

BarbossHack August 23, 2022 9:07 AM

Why does Signal require a phone number to use?

Accessibility (like @Alan said).

Signal is the successor of “TextSecure” which aimed to provide encrypted text messages (sort of “secure SMS”), it was easier to attract people to secure their SMS conversations by allowing them to register with the same phone number they used to send non-secure SMS. Moreover, it’s easy to start new conversations with the people you know because you already have their phone number, so you don’t have to exchange your emails or account id. Phone number is the only “universal” identifier (you can create dozens of email accounts, not be registered on every social media (if you think sso), but at the end, everyone has a phone number).

However, times have (or will) changed, I think people could now understand the advantage of not using their phone numbers (which is: anonymity, not security, as you can lock your Signal account with a NIP, which should be mandatory).

Michael Hendricks August 23, 2022 9:39 AM

Signal has been working to remove their dependence on phone numbers. For example, they recently finished implementing a faster ORAM layer (see their blog post) which is a big step in that direction. Part of the delay is that Signal really, really cares about keeping your info private. That makes everything more difficult for them, even supporting usernames.

TexasDex August 23, 2022 9:43 AM

I imagine it’s at least in part an anti-abuse/anti-spam measure. Verifying that a phone number can receive texts isn’t a perfect way of making sure you’re dealing with a real person, but it’s a start, and it’ll keep out many basic script kiddie attacks, impersonation attempts, etc.

Clive Robinson August 23, 2022 10:06 AM

@ Bruce, ALL,

“Why does Signal require a phone number to use? It doesn’t have to be that way.”

Require from a “Technical viewpoint” no they do not, though it does make a number of things simpler as it provides an internationally unique identification number.

But it is not the technical viewpoint where more serious requirements occur.

Signal is a product with a reach that is “international”. Which in return means there are national jurisdictional issues to consider, and that’s not just something you can wave away. Some nations require by rules, regulation, and legislation, that all calls made or received in their jurisdiction be directly associated to an individual.

I suspect it won’t be too long before more countries come up with just such rules, regulations, and legislation, for all types of electronic based communications, by private citizens.

Carl Mitchell August 23, 2022 9:26 PM

As others mentioned, Signal uses phone numbers to avoid users needing to upload their contacts to build a “social graph”. They can’t leak what they don’t have, so doing contact discovery entirely on the client phones is safest. The best alternative they’ve come up with so far has used Intel SGX to try to do secure computation on their servers in a way that even their cloud provider can’t get the user data, but SGX keeps getting broken by side-channel attacks, so that’s not a great way forward. FHE is too slow for practical use.

If someone comes up with an alternative to phone numbers that allows keeping the social graph secret while keeping the ease of use (no need to manually build up another contacts list), I’m sure Signal would use it. Nobody has designed such a system yet.

Clive Robinson August 23, 2022 11:11 PM

@ Carl Mitchell, ALL,

“Nobody has designed such a system yet.”

It’s actually a very hard problem, and may be impossible to do.

Worse it needs other very hard problems to be solved first to give it the foundations it requires.

Just one such foundation as I’ve mentioned before is,

“An Anonymous Rendezvous Protocol for both parties being mobile and with no traceable to either party directory use by a third party.”

It in turn requires,

1, A fully anonymous directory.
2, A fully anonymous communications protocol.

Whilst we do know of ways to partially achieve the latter, we’ve made little or no progress on the “Fully Anonymous Directory”. Thus no real progress on the “Fully Anonymous Rendezvous Protocol”, and so on up.

When you get down to it though, the key problem that has to be solved is the exchange of a “root of trust” in both a secure[1] and fully anonymous way[2].

Currently that is not possible, even though many mistakenly think it is.

[1] To achieve a secure transfer of a “root of trust” needs a “secure communications channel”. That is a “Turtles All the Way Down” issue unless you can stop all eavesdropping (in which case you do not need the “root of trust” hence QKD works but is currently impractical). So currently we either “meet in person” and hope we are not observed, or we rely on the unproven conjecture of “Trapdoor – One Way Functions”(T-OWFs) being actually secure.

[2] Even though we use “Trapdoor – One Way Functions”(T-OWFs) for every HTTPS connection and thus almost every online financial transaction, T-OWFs are not in any way anonymous. Worse if you try to make them so they fail to be secure from eavesdropping due to Eve being able to do a “man in the middle” attack.

Common sense August 23, 2022 11:20 PM

“But it does bring up the old question: Why does Signal require a phone number to use? It doesn’t have to be that way.”

Mandatory phone number usage is a CATASTROPHIC BLUNDER from a so-called secure messaging app.
You cannot rely on well known vulnerable technologies. Also phone number lines can be hijacked legally in most countries within minutes even without a warrant or exploiting vulnerabilities.
There are other safer messaging apps which don’t need phone number registration.

MrC August 24, 2022 1:07 AM

@ Clive, re: A fully anonymous directory:

Well, the obvious solution is fleet broadcast. All users get a full copy of the directory and do their look-ups locally. Unfortunately, this doesn’t scale well if the directory gets too big, and there doesn’t seem to be a good way to give users some subset of the directory without leaking info.

If each user is supposed to have a 1/nth subset of the directory, chosen at random aside from their contacts, then the attacker knows with 1-((1/n)^2) probability that two users whose addresses are in each other’s directory subsets are contacts. How does the attacker get that knowledge? If users have to contact a central server for their directory subsets, then the attacker gets that knowledge by suborning the server. If a P2P sharing protocol is used to eliminate the central server, then the attacker gets that knowledge by repeatedly querying a peer to infer what that peer’s directory subset includes. That could be stymied by using a P2P onion protocol, but then you’ve just reinvented TOR and all of its traffic analysis problems.

So how about if we make the directory subsets non-random? How about we reinvent the local phonebook by letting users join and subscribe to mini-directories based on geography, hobbies and interests, or other “natural” groupings? So, for instance, you could subscribe to the Washington DC mini-directory, the English-speaking electrical engineers mini-directory, and the English-speaking pokemon fan mini-directory. This would solve the problem that two people appearing in each other’s directory subsets must (to a high degree of probability) be contacts. But it may create other problems. That “English-speaking pokemon fan” mini-directory might be too large, returning us to the earlier scaling problem. There would also be the problem that joining or subscribing to certain mini-directories could itself attract unwanted attention. You can’t very well sign up for the “Winnie the Pooh fan club” mini-directory if you ever plan to set foot in China. Persecuted groups could get around this by secretly agreeing to piggyback on a more benign-looking mini-directory, but if they have the ability to make such secret agreement, they could just exchange keys directly over that channel, so we must assume they can’t do so.

So, basically, we’ve come a full circle and we’re back at the beginning.

(As for Signal’s ORAM work, bah! With or without it, their privacy model all boils down to blind trust in the server. The user has no way to verify that this ORAM thing works, or that they’re even really using it in the first place, or that some mole hasn’t tapped its I/O. It seems like their privacy guarantee is basically “we can’t see your contacts, even if we want to, unless we choose to disregard our promises that we’re using this ORAM thing or that it works the way we say it does, but we promise we won’t.”)

Clive Robinson August 24, 2022 2:29 AM

@ MrC, ALL,

Re : Anonymous Rendezvous Protocol.

“So, basically, we’ve come a full circle and we’re back at the beginning.”

That’s what many people conclude and stop.

However if you back up a bit Tor is not the only anonymous network protocol out there. The fact it is probably the worst thus easiest to perform traffic analysis on because it was designed quite deliberately from the get go for minimum latency and minimum bandwidth usage.

So let’s assume we can have an anonymous network that does not leak.

Where do we go from there?

Winter August 24, 2022 4:53 AM

@Clive

Where do we go from there?

If you want to contact someone you know in person on an anonymous network, you need to exchange a private identifier. That brings back everything related to security key exchange.

In short, I think there is no way to securely find someone on a fully anonymous network unless you can exchange a private identifier, e.g., a phone number.

Clive Robinson August 24, 2022 8:46 AM

@ Winter, ALL,

“In short, I think there is no way to securely find someone on a fully anonymous network unless you can exchange a private identifier, e.g., a phone number.”

Phone numbers are in no way private, they are known to at least two other parties,

1, The service provider (retailer).
2, The network provider (carrier).

And it is known they make them available to whomever for profit. Thus you can assume most “Data brokers” know them as well.

There are two ways to find someone,

1, Knock on doors and ask.
2, Look them up in a directory.

The first does not scale, the second “is assumed not to be anonymous”.

Whilst the first is true the second is actually not.

That is it is possible to build a directory system where the holders of the directory can not use it to deanonymize users.

It’s what Signal were trying to do and failing with the supposed “Secure Enclaves”. But you do not need to use secure enclaves to achieve the anonymity just work out a way to make a distributed one way system.

We know how to make some of the required pieces, we have not yet worked out how to do it yet.

To give you an idea we know how to make “M of N Shared Secret” systems and we know of several secure one way functions that are in effect one way crypto-hash functions.

It is fairly easy to see how you could have a whole bunch of separate databases each holding just one of the M of N shared secrets. So say you had fifty databases and you used 5 of 10 shared secrets. You populate each of the fifty databases with just one chosen at random N share.

The question is then how do you index this, well you can use a double key system. One acts as a short “Primary key” to a “group of records” that hold the second “distinguishing key” and the randomly selected “shared secret” share.

Provided the “Primary Key” is generated by the use of a secure one way function the database holder does not know who the “distinguishing key” and “shared secret” belong to.

All a person who wants to get the shared secret has to do is have the right information to put in one way function to generate the two keys.

A not too dissimilar system has been used by anonymous Email systems, where you use say “winter.spring.summer.au” as your private email access address to access the database where your public email address under which the email is stored is say the MD5 hash of the private access address.

Yes I know this moves the problem to still having to have a “shared knowledge token” but it shows we can build an appropriate directory structure that has some measure of anonymity.

Then there is the notion of “singly linked lists” to consider. They are in effect a weak one-way function in that it’s easy to move in one direction but not the other.

Imagine the database is in fact temporal that is you have a trail of entries from old to new each storing an old position that gets you step by step to your current location.

Back in the 1980’s the cellular network found users by starting off from the switching center database and walking down into steadily more local databases until it reached a network leaf that then “knocked on doors”. The DNS system sort of works in a similar way.

It’s not hard to see that these structures could be built with sufficient anonymity built in.

So we know we can build the bits, the two questions are,

1, Can it be secure and anonymous.
2, Can we do away with the secret.

I’m reasonably certain the first can be done.

The second can also be done by a form of secure broadcast message that acts as an echo.

The issue is scaling it up.
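A sketch of the directory structure described in the comment above, added here as an illustration (it is not the commenter's code and not anything Signal runs). It assumes Shamir's scheme for the "5 of 10" shares and SHA-256 as the one-way function, mixes a database index into the hash so operators cannot correlate records, and uses hypothetical function names; the token string is the comment's own example address.

```python
import hashlib
import secrets

PRIME = 2**127 - 1          # field modulus for the shares (a Mersenne prime)
M, N, NUM_DBS = 5, 10, 50   # "5 of 10" shares spread over fifty databases


def make_shares(secret, m=M, n=N):
    """Split `secret` into n Shamir shares; any m of them recover it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must fit in the field")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover(shares):
    """Lagrange-interpolate the sharing polynomial at x = 0."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def derive_keys(token, db_index):
    """One-way function -> (short primary key, long distinguishing key)."""
    digest = hashlib.sha256(f"{db_index}:{token}".encode()).digest()
    # The primary key is deliberately short, so many users share one group.
    return digest[:2].hex(), digest[2:].hex()


def publish(dbs, token, secret):
    """Store one randomly chosen share in each database, under hashed keys."""
    shares = make_shares(secret)
    for i, db in enumerate(dbs):
        primary, distinguishing = derive_keys(token, i)
        db.setdefault(primary, {})[distinguishing] = secrets.choice(shares)


def lookup(dbs, token):
    """Query databases until M distinct shares are found, then recover."""
    found = {}
    for i, db in enumerate(dbs):
        primary, distinguishing = derive_keys(token, i)
        share = db.get(primary, {}).get(distinguishing)
        if share is not None:
            found[share[0]] = share[1]
        if len(found) == M:
            return recover(list(found.items()))
    return None                              # unknown token or too few shares


if __name__ == "__main__":
    dbs = [dict() for _ in range(NUM_DBS)]
    token = "winter.spring.summer.au"        # example string from the comment
    address = int.from_bytes(b"addr:alice-node", "big")   # constructed value
    publish(dbs, token, address)
    print(lookup(dbs, token) == address)
    print(lookup(dbs, "some.other.token"))
```

Each operator holds only hashed keys and a single share, which is below the threshold M. Anyone who can guess the token can recompute both keys, so the construction is only as private as the token is hard to guess, which is the "shared knowledge token" problem the comment acknowledges.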

Denton Scratch August 24, 2022 9:16 AM

Re. the link to American Conservative:

I know nothing about the site, and I thought the article was reasonable, and not political.

If intruders really want your secrets, they’ll get them.

Not really. Not if you keep them to yourself (and refrain from sharing them with your computer or phone).

You can store your secrets securely if you encrypt them; but you then have to do risk assessments, which John Doe isn’t equipped to do. And you have to have some idea of what encryption techniques are being used, and whether they’re being used properly. My most-secret secrets exist only in my head, including the key for my (offline) password manager database.

Of course, you might have more secrets than you can memorize; perhaps you have a storeroom full of them, in a cupboard in your Mar-A-Lago apartment. Then you need to hire a security consultant; John Doe can’t handle that load. And you probably need a second consultant, to keep tabs on the first one. Turtles all the way down, if you’re truly paranoid.

It’s best to have no secrets that are more serious than “rather embarrassing”.

Quantry August 24, 2022 12:40 PM

@ DS

“My most-secret secrets exist only in my head”

Sleeping beauty gets quite chatty after Clopsie visits with barbital etc. I like the “Gandhian Transparency” idea better. The recent global ‘fascist obsession’ with surveillance guarantees lawless thugs currently hold the trump cards.

Signal is a myth, a precautionary layer at best, without sharing Symmetric OTP with yer correspondent, and using on an air-gapped device, (in my freakwently humbled opinion), in a way similar to Frank Miller’s methods. https://fermatslibrary.com/s/frank-miller-inventor-of-the-one-time-pad

Denton Scratch August 24, 2022 4:07 PM

@Quantry:

Sleeping beauty gets quite chatty after Clopsie visits with barbital etc.

Interesting name, Clopsie.

Thing is, she has to ask me a question. If all she can do is to get me to vomit up the entire contents of my memory, she’s in a worse place than when she started.

I’ve no reason to believe that phenobarbital is an effective truth serum; it’s simply a major tranquilizer. 40 years ago it was used to control psychosis, but nowadays it’s banned just about everywhere, because the LD50 is too close to the effective dose. What it would do is lower your psychological defences. But you still need a question.

I’m just visualizing me as this “Sleeping Beauty”, bombed out on barbs, and getting “quite chatty”. I could spew meaningless words for hours; I mean, that’s what I do, whenever anyone’s listening.

Not sure about the barbs. I think I’d probably stash them, for some time when I wanted to die. There are better, safer drugs these days.

MrC August 24, 2022 8:06 PM

@ Clive:

Where do we go from there?

If we really truly have an anonymous network protocol, then: Build a P2P protocol on top of it. Distribute the entire directory over this P2P network, which each client aiming to store some reasonable X% of the whole. The attacker has no way to see which chunks you request from others, nor to specifically ask you for a specific chunk to see if you have it…

And, oh dear, I’ve just broken that idea as I was writing it down… An attacker in a privileged network position could DOS all your other connections to force your responses to align with the collection of chunks you actually have. (Then do the same to your potential contact and see if you both have each other’s addresses, suggesting with high probability that you two are contacts.)

Well, I suppose we still have the very simple: If you have an anonymous network protocol, just anonymously proxy all address look-ups to the central server.

Clive Robinson August 25, 2022 1:36 AM

@ Denton Scratch, Quantry,

Interesting name, Clopsie.

Yes, it is odd to see it.

I don’t know if you know but in some circles it’s also used as a slang name for the not often used medication “Clopsine”. Which is a “second generation” or “atypical antipsychotic” used for those considered at high risk of suicide.

How it actually works like most antipsychotics is unknown[1]. That is the thinking is it may work by affecting certain chemicals in the brain, which in turn has an effect on thinking, mood, and thus behavior…

It’s also considered a high risk drug in that anyone with a heart condition or diabetes and similar age apparent disease are considered at risk. So its use has tended to be on younger people with severe anxiety.

Hopefully new research on the use of certain natural chemicals like psilocybin will show safer results,

https://www.theguardian.com/science/2021/nov/07/will-the-magic-of-psychadelics-transform-psychiatry

There are a lot of people who potentially could benefit (as high as one in four in some Western Societies). Also the friends and loved ones of severe PTSD and hypervigilance with chronic depression from fighting wars don’t want to lose them prematurely.

[1] A very recent study on “serotonin uptake inhibitors” has shown that although they don’t affect serotonin levels, they do however still work as antipsychotics…

tfb August 25, 2022 2:11 AM

Signal really is lovely. Imagine I am president Evil (I will call myself ‘Vladimir’ for short), and I have an enemy, who I will call ‘Alexei’. I suspect Alexei is using Signal, and if he is that’s certainly a good reason to go after him. I know Alexei’s phone number because, well, I’m president Evil, of course I own the phone company. So I buy a phone whose number Alexei does not know, I add Alexei’s number to the contacts on that phone, and I install Signal on it. And Signal now tells me that yes, Alexei is indeed using Signal. And of course, it gives him no hint of this, because my burner phone is not in his contacts.

Well, probably Alexei is not naïve enough to use Signal, but imagine someone who is being abused by their partner and wants a way of ‘securely’ talking to some support person. It is just absolutely trivial for their partner, via a burner phone, to know if they install Signal, even briefly.

Signal is security theatre.

tfb August 25, 2022 6:59 AM

@Winter

And then I send in my goons, because using secret messaging systems is not something I, as president Evil like people doing.

If you really do not understand that a supposedly-secret communication system which freely and undetectably tells anyone who cares to know that you are using it is a problem then, well, I give up.

Winter August 25, 2022 9:20 AM

@tfb

And then I send in my goons, because using secret messaging systems is not something I, as president Evil like people doing.

Vladimir et al. really only care about what you do or publish. If they have suspicions severe enough to go to the trouble to check whether you use Signal [1], they already have wiretaps all over you to find out every contact you have. Using Signal is at that point rather irrelevant.

[1] Goons can check whether you use Signal easily by looking into your phone. Chinese police is known for randomly/comprehensively checking phones of Uighurs and deinstalling all unwanted apps.

Clive Robinson August 25, 2022 10:08 AM

@ Denton Scratch,

“I don’t think anyone has invented a real antipsychotic drug; all they can do is sit on you hard until your episode is over, and a therapist can talk to you. Major tranks are how they “sit on you”. Psychotic illness isn’t at all well understood (nor is depression or phobia).”

That about sums it up for psychiatry currently.

However something to think about.

PTSD, Depression and other psychiatric disorders are on the rise.

The level of rise is not really due to “better recognized”.

Therefore consider that it is a “lifestyle” issue that includes the environment which affects what we ingest in various ways.

It’s known for instance that the levels of Omega 3 an essential brain lipid has fallen to about 1/20th in our raw foods due to the way we intensively farm it.

Therefore it’s reasonable to argue that our brain function may well be deficient due to a lack of natural chemicals due to modern food and water production and processing.

For all the nonsense on the “War on Drugs” that started in the 1970’s US Mental health in particular has been on a significant decline, not found in other parts of the world where food production is less processed.

It’s not just one species of mushroom where psychoactive chemicals are found… Many species we regularly eat in the potato family (Solanaceae, nightshade genus) in their wilder forms contain them. Likewise the grasses from where we get grains. Also cabbages (brassica genus) and many fruits.

Heck even the lettuce you buy from the supermarket contains a central nervous system affecting chemical,

https://galensgarden.co.uk/vegetables-for-herbivores/lettuce/

Not as much as in wild varieties because we’ve “bred it out” in return for faster growth etc etc.

Thus I’ve a suspicion that some of the chemicals missing from our diet may be making us more vulnerable to mental health issues.

So “putting them back” may well be an effective preventative to mental health disease that is now beyond epidemic levels in the Western World.

Hey if eating just one rehydrated wild mushroom once a week in a salad lifted the depression I’ve had for two decades, I’d be very happy to give it a try. As I’m sure a lot of other people would as well.

Quantry August 25, 2022 1:35 PM

@ Denton Scratch, wasn’t disagreeing with your memorization strategy, mostly.

(psych) clops: clandestine ops

“barbital, etc.” Emphasis on etc.

(On Clopsian methods, they’ve never introduced themselves, nor told me about their many expensive devices, although it shouldn’t be hard to pay a return visit… if you are looking for permanent lodging.)

While Signal may help us find best-compromise peace, I still recommend folks be realistic about having [less] secrets, and if you do need to send launch-codes over the net, consult Frank Miller.

vas pup August 25, 2022 3:58 PM

Tag -hacking

Russia Claims It ‘Hacked’ HIMARS Rocket Launchers. That’s Probably a Big, Fat Lie

https://finance.yahoo.com/news/russia-claims-hacked-himars-rocket-174600937.html

“The American system has been hacked,” Leonov announced to his television audience, “and our secret development will be deployed in all directions. A good system, I can’t name it yet, but it works at much greater distances, instantly fixing the launch site. For the Americans, this was a very unpleasant surprise.”

Ukraine currently operates 16 M142 High Mobility Artillery Rocket Systems, or HIMARS, donated by the United States. HIMARS consists of a medium-sized tactical truck that can carry up to six 227-millimeter =>GPS-guided<= rockets and launch them a distance in excess of 43 miles. Each rocket has a 200-pound, high-explosive warhead, and GPS guidance ensures each rocket can land within 16 feet of the designated aiming point.

One is that Russian forces are using counter-battery radars to detect HIMARS launch locations.

Counter-battery radars search the skies for enemy artillery rockets and shells in flight. Once a counter-battery radar detects incoming artillery projectiles, it can then extrapolate a likely launch location. This information is then passed on to friendly artillery that then bombard the location, ideally catching the enemy artillery before it moves to a new firing position.

Could Russian counter-battery radars help destroy HIMARS systems? Absolutely. Counter-battery radars like the Zoopark-1 can detect six 13-foot-long rockets soaring into Russian-held territory. HIMARS is a wily target, however: the M142’s truck chassis, the use of GPS to quickly lay in a HIMARS firing position, and Ukraine’s excellent network of paved roads mean that a HIMARS truck can quickly “shoot and scoot” before Russian artillery can rain down on its position.

Leonov’s use of the word “hack” implies Russian forces somehow penetrated the HIMARS system itself. This could be in reference to Russian hacking of the HIMARS communication system, navigation and targeting system, or the truck’s computer system. None of this is very likely, though: the American-made SINCGARS VHF communications system in use by Ukraine is difficult to detect, and Russian forces cannot “instantly” pinpoint the location of a single user.

The navigation and targeting computers likely only receive data, broadcasting no detectable radio-frequency signal. HIMARS does use an internal computer system, but it is unlikely it broadcasts signals detectable by Russian forces at range. The likelihood Russian forces have hacked HIMARS is right around zero."

Q: Where is Russian spy satellite system to cover by cone big battle territory and analyze by AI those images thereafter. Yes, it is not respond to the current rockets but to predict future?

Regarding hacking: EarthLink hacking is not less important than hacking GPS. In a future HIMARS should utilize both for more viability.

No emotions – just logical analysis.
