Signal, an end-to-end encrypted messaging platform, was recently blocked by the Iranian government.
To help its users bypass censorship in Iran, the company suggested a TLS proxy workaround.
However, multiple researchers have now discovered flaws in the workaround that can let a censor or government authority probe into Signal TLS proxies, rendering these protections moot and potentially bringing repercussions for Signal users located in repressive regimes.
The researchers who reported these flaws via Signal’s GitHub repository have been banned by the company with their reported issues removed.
Signal workaround comes with risks for users
In a recent blog post titled “Help users in Iran reconnect to Signal,” the company suggested a workaround that users in Iran could deploy to bypass the government’s censorship of the Signal app.
The users could, according to the company, set up a TLS proxy using code from Signal’s GitHub repository and route their connections through it, to fly under the government’s radar.
In an ideal world, an Iranian user of Signal could execute a few commands on their computer, set up Signal’s proxy, and tweet #IRanASignalProxy.
However, on analyzing the code in the repository, researchers DuckSoft and studentmain found various issues that can enable a censor, such as a law enforcement agency, to easily detect Signal proxies and either trace the traffic back to the users or block the proxies altogether.
This could happen due to how the SSL/TLS tunnel is deployed with the certificate revealing the IP address and plaintext information in the Server Name Indication (SNI) field.
“Connecting to a Signal Proxy will only need the domain name of the server.”
“From a censor’s view, when the traffic of the proxy passes, the visible information is the IP and the cleartext Server Name Indication (SNI) in TLS ClientHello, which exactly corresponds to the domain name of the server,” DuckSoft and studentmain told BleepingComputer in an email interview.
The researchers shared a Proof-of-Concept (PoC) exploit capable of demonstrating this hypothesis, and proposed fixes Signal could adopt.
They further explained to BleepingComputer that if a censor is suspicious of a connection, they could come up with ways to verify whether what they are seeing is Signal traffic.
To do so, a censorship authority can set up a Signal Client, and try connecting to this proxy.
“If this domain from SNI actually works as a Signal Proxy [on connecting to this Signal Client], then it must be a Signal Proxy.”
“And if it’s a Signal proxy, the proxy can get blocked instantly, and, some bad things could happen to people who’ve accessed the proxy in a repressive regime since authorities have the ability to keep track of everyone’s network log,” continued the researchers during the interview.
This is not the only way to identify Signal proxies though, the researchers explain.
“Censors don’t really have to use true Signal Clients. This proxy works when the proxied TLS traffic is targeted at Signal servers.”
“Censors can just use this proxy and see if this can connect to Signal Servers or not,” the researchers told BleepingComputer, pointing to the nginx server configuration files present in the company’s code base (archived).
For example, a Signal proxy server will only relay traffic destined for Signal’s permitted domains and deny traffic destined for Telegram or any other non-Signal domain, thereby unmasking its true purpose.
When BleepingComputer asked why they skipped the standard responsible disclosure process and went public with the flaw, the researchers said:
“There are two reasons: Signal is known very ineffective at processing emails, there is Frolov’s example. Secondly, the TLS proxy is new. We thought we could stop them before it’s widely deployed. We took ~1hour to finish the report and PoC, and submitted just after about a few hours when Signal published the post.”
“Iran people [sic] can’t wait months. Immediate abortion of this easily detected TLS proxy would have been the best plan,” the researchers told BleepingComputer.
In a phone call with Signal’s founder, Moxie Marlinspike, BleepingComputer was told that there is no risk from using the proxy and that the researchers’ disclosure is an obvious concern of using such implementations.
Marlinspike explained that any proxy can be probed on the internet, and at most, a party could identify if a user was connecting to Signal. Marlinspike further explained that this would be no different for any other end-to-end encrypted messaging app.
When BleepingComputer asked why