undefined | Better HN

0 pointsgoodpoint5y ago0 comments

No, the author is right.

There are many cases where an attacker can access a device for a short time and/or without the owner realizing that the phone was tampered with.

0 comments

4 comments · 2 top-level

contravariant5y ago· 2 in thread

Sure, but exactly how would you build something that's robust against that kind of access?

If you leave cryptographic keys lying around unprotected they should be assumed to be compromised.

klyrs5y ago

Signal has a PIN, too. If that's required for the transfer, then it would prevent this in the case of brief, surreptitious access. A hostage scenario is impossible

contravariant5y ago

Well, maybe, but 'brief' is doing a lot of the heavy lifting in that sentence.

1 more reply

staticassertion5y ago

Just because that's possible doesn't mean that it's within Signal's threat model.

j / k navigate · click thread line to collapse