1. 11
  1.  

  2. 3

    So, what does this mean for Signal?

    1. 1

      Lots of discussion on this at the moment. It means that Secure Value Recovery could be used by a malicious Signal server to exfiltrate user data while attesting to some benign version of the code. That user data could be used to “recover” someone else’s Signal account.

    2. 2

      Another attack that leaks the private attestation keys in SGX. While this is “just another exploit” it really cements in my mind that SGX can only be relied on as a secondary layer of security.