Signal under fire for storing encryption keys in plaintext on desktop app
Signal under fire for storing encryption keys in plaintext on desktop app
Popular encrypted messaging app Signal is facing criticism over a security issue in its desktop application. Researchers and app users are raising
You're viewing a single thread.
That applies to pretty much all desktop apps, your browser profile can be copied to get access to all your already logged in cookie sessions for example.
IIRC this is how those Elon musk crypto livestream hacks worked on YouTube back in the day, I think the bad actors got a hold of cached session tokens and gave themselves access to whatever account they were targeting. Linus Tech Tips had a good bit in a WAN show episode
And there are ways to mitigate this attack (essentially the same as a AiTM or pass-the-cookie attacks, so look those up). Thus rendering your argument invalid.
Just because "something else might be insecure", doesn't in any way imply "everything else should also be insecure as well".
It is the same concept. Once your machine is pwded you are screwed
That's all hinges on the assumption that your computer is pwned. Which is wrong
You don't necessarily have to have privileged access to read files or exfiltrated information.
That point doesn't matter anyways though because you're completely ignoring the risk here. Please Google "Swiss cheese model". Your comment is a classic example of non-security thinking.... It's the same comment made 100x in this thread with different words
Unless you can list out all possible risks and exploits which may affect this issue, then you are not capable of making judgement calls on the risk itself.