Signal, an end-to-end encrypted messaging platform was recently blocked by the Iranian government.
To help its users bypass censorship in Iran, the company suggested a TLS proxy workaround.
However, multiple researchers have now discovered flaws in the workaround that can let a censor or government authority probe into Signal TLS proxies, rendering these protections moot and potentially bringing repercussions for Signal users located in repressive regimes.
The researchers who reported these flaws via Signal’s GitHub repository have been banned by the company with their reported issues removed.
Signal workaround comes with risks for users
In a recent blog post titled “Help users in Iran reconnect to Signal,” the company suggested a workaround that users in Iran could deploy to bypass the government’s censorship of the Signal app.
The users could, according to the company, set up a TLS proxy using code from Signal’s GitHub repository and route their connections through it, to fly under the government’s radar.
In an ideal world, an Iranian user of Signal could execute a few commands on their computer, setup Signal’s proxy, and tweet #IRanASignalProxy.
However, on analyzing the code in the repository, researchers DuckSoft and studentmain found various issues that can enable a censor, such as law enforcement agency, to easily detect Signal proxies and either trace back the traffic to the users or block the proxies altogether.
This could happen due to how the SSL/TLS tunnel is deployed with the certificate revealing the IP address and plaintext information in the Server Name Indication (SNI) field.
“Connecting to a Signal Proxy will only need the domain name of the server.”
“From a censor’s view, when the traffic of the proxy passes, the visible information is the IP and the cleartext Server Name Indication (SNI) in TLS ClientHello, which exactly corresponds to the domain name of the server,” DuckSoft and studentmain told BleepingComputer in an email interview.
The researchers shared a Proof-of-Concept (PoC) exploit capable of demonstrating this hypothesis, and proposed fixes Signal could adopt.
They further explained to BleepingComputer if a censor is skeptical of a connection, they could come up with ways to verify if what they are seeing is Signal traffic.
To do so, a censorship authority can set up a Signal Client, and try connecting to this proxy.
“If this domain from SNI actually works as a Signal Proxy [on connecting to this Signal Client], then it must be a Signal Proxy.”
“And if it’s a Signal proxy, the proxy can get blocked instantly, and, some bad things could happen to people who’ve accessed the proxy in a repressive regime since authorities have the ability to keep track of everyone’s network log,” continued the researchers during the interview.
This is not the only way to identify Signal proxies though, the researchers explain.
“Censors don’t really have to use true Signal Clients. This proxy works when the proxied TLS traffic is targeted at Signal servers.”
“Censors can just use this proxy and see if this can connect to Signal Servers or not,” the researchers told BleepingComputer, pointing to the nginx server configuration files present in the company’s code base (archived).
For example, a Signal proxy server will only accept traffic from Signal’s permitted domains and deny traffic from Telegram or any non-Signal domains, thereby unmasking its true purpose.
When asked by BleepingComputer, why did the researchers skip the standard responsible disclosure process and went public with the flaw, the researchers said:
“There are two reasons: Signal is known very ineffective at processing emails, there is Frolov’s example. Secondly, the TLS proxy is new. We thought we could stop them before it’s widely deployed. We took ~1hour to finish the report and PoC, and submitted just after about a few hours when Signal published the post.”
“Iran people [sic] can’t wait months. Immediate abortion of this easily detected TLS proxy would have been the best plan,” the researchers told BleepingComputer.
In a phone call with Signal’s founder, Moxie Marlinspike, BleepingComputer was told that there is no risk from using the proxy and that the researchers’ disclosure is an obvious concern of using such implementations.
Marlinspike explained that any proxy can be probed on the internet, and at most, a party could identify if a user was connecting to Signal. Marlinkspike further explained that this would be no different for any other end-to-end encryption messaging app.
When BleepingComputer asked why the researchers’ concerns did not receive a response, Marlinspike told BleepingComputer that Signal gets a large volume of these reports and has to prioritize issues accordingly.
Researchers banned from Signal’s GitHub
In a rather ironic twist of events, shortly after the researchers had reported their concerns on Signal’s public GitHub issue pages, they were booted out by the repo’s maintainers.
“Hey everyone! Thanks for the interest in this. We normally don’t use [GitHub] issues for this type of discussion, though, and prefer to have that happen over on the Signal community forum,” responded a Signal maintainer, according to the researchers.
On posting the discussion to the Signal community forum as prescribed, the researcher saw their accounts placed on temporary hold.
Furthermore, the issue page filed by the researchers on GitHub was taken down and now returns a 404 (not found) error message.
The researchers have also been banned by the maintainers of Signal’s GitHub repository.
Signal has told BleepingComputer that they had blocked the researchers’ GitHub accounts and took down their issue pages after a series of inappropriate and rude comments posted by the researchers directed at the volunteers, which was in violation of their code of conduct.
A Signal community moderator also clarified, the spam-prevention feature built within the Discourse forum software had “automatically silenced” the account which has since been restored.
But, for a tech company that creates products designed to combat censorship, this move has left the researchers surprised.
“They claimed to help people in censorship, but they in turn censor whistleblowers.”
“Yes, Signal is good at designing robust cryptography. But building a blocking-resistant proxy is more about steganography. They are similar and tightly related, but not the same thing.”
“Almost every proposal [made to Signal to fix this issue] would have worked pretty better if Signal were adopting them.”
“We just hoped that Signal would take the vulnerability seriously. Proxy without concealment means failure in repressive regimes,” DuckSoft and studentmain concluded in their interview with BleepingComputer.
However, some users also expressed that Signal’s removal of the publicly visible GitHub issue may have to do with the fact they are investigating a better solution than this temporary workaround either way and wouldn’t want to give adversaries a head start.