Apple fixes bug that cops used to extract deleted chat messages from iPhones

Apple patches a critical vulnerability that allowed forensic tools to recover deleted Signal messages from iPhones and iPads. | Contesto: cronaca

Punti chiave

• Apple fixes bug that cops used to extract deleted chat messages from iPhones

Contesto

Apple has released a software update to fix a significant security vulnerability that enabled law enforcement agencies, using specialized forensic tools, to extract and read chat messages from iPhones and iPads that users had deleted from the Signal encrypted messaging application. The fix, delivered in a recent iOS and iPadOS update, addresses a flaw in the operating system's data management that left remnants of supposedly erased Signal conversations accessible to investigators long after a user chose to delete them. This discovery highlights the persistent gap between user expectations of privacy and the technical reality of data persistence on modern devices, even within apps renowned for their security focus. The vulnerability specifically affected how the iPhone and iPad operating systems handled data associated with the Signal app. When a user deleted a message within Signal, the app performed its deletion routine. However, forensic tools developed for law enforcement and digital forensics were able to bypass this and recover the message content from unallocated storage space on the device. This recovery was possible because the operating system did not immediately and securely overwrite the data, leaving forensic artifacts that could be reconstructed. The issue was not a flaw in Signal's encryption, which remains intact for stored messages, but in the device's failure to scrub the plaintext remnants of deleted content from its flash memory. This bug represents a profound contradiction for users of Signal, which is explicitly designed to provide ephemeral, private communication. The app's default settings and core promise are built around the idea that deleted messages are gone forever. The existence of this vulnerability meant that a device seized by authorities could yield a trove of messages the user believed were permanently erased, potentially undermining legal defenses and personal security. For years, digital rights advocates and technologists have warned that 'deleted' rarely means unrecoverable, and this incident serves as a concrete, high-stakes example of that principle affecting one of the world's most privacy-conscious user bases. The fix...

Lettura DEO

Decisione di validazione: publish

Risk score: 0.1

Il testo è stato ricostruito dai dati editoriali disponibili senza aggiungere fatti non presenti nel record sorgente.

Indicatore di affidabilità

Verificata — Alta confidenza. Fonti affidabili confermano la notizia.

Il sistema a semaforo

Ogni articolo su DEO include un indicatore di affidabilità:

• 🟢 Verificata — Alta confidenza. Fonti affidabili confermano la notizia.
• 🟡 In evoluzione — Confidenza moderata. Alcuni dettagli potrebbero ancora cambiare.
• 🔴 Contestata — Bassa confidenza. Fonti in conflitto o incertezze rilevanti.

Questo sistema esiste perché chi legge merita di sapere non solo cosa è successo, ma anche quanto la notizia è solida.

Categoria: cronaca