Anonymousabout 3 hours ago
Court testimony in the federal prosecution of nine defendants tied to a July 2025 attack on the Prairieland ICE detention facility in Alvarado, Texas, revealed that the FBI recovered deleted incoming Signal messages from a defendant's iPhone by extracting data from Apple's internal notification storage — a system-level artifact that persists independently of the app. The technique, which used Cellebrite forensic extraction software, did not break Signal's end-to-end encryption but instead exploited the fact that iOS caches notification preview content in a database that survives both message deletion and app removal, raising questions about the security assumptions of Signal's 85 million monthly active users.