
Apple-Signal Bug, NCSC recommends passkeys, Open Source debate
From Blue Security by Andy Jaw & Adam Brewer
April 28, 2026 · 34 min · Season 6 · Episode 32
About this episode
Andy and Adam discuss a vulnerability in Signal, the endorsement of passkeys by the NCSC, and challenges in open source software security.
Summary In this episode, Andy and Adam discuss a recent vulnerability in the Signal messaging app that allowed the FBI to recover deleted messages from an iPhone due to a flaw in Apple's notification system. They emphasize the importance of user settings and the need for regular updates. The conversation then shifts to the UK National Cyber Security Centre's endorsement of passkeys as a preferred login method for consumers, highlighting the shift away from traditional passwords. Finally, they address the challenges of open source software security, referencing Marcus Hutchins' insights on the lack of bug bounty programs and the potential risks associated with unmonitored code. ---------------------------------------------------- YouTube Video Link: https://youtu.be/yXuUc32MPL4 ---------------------------------------------------- Documentation: https://arstechnica.com/tech-policy/2026/04/apple-stops-weirdly-storing-data-that-let-cops-spy-on-signal-chats/ https://www.infosecurity-magazine.com/news/ncsc-backs-passkeys-new-era-of/ ---------------------------------------------------- Contact Us: Website…
People in this episode
Hosts: Andy Jaw, Adam Brewer
Topics covered
- Signal vulnerability
- passkeys
- open source security
- Apple notification system
- cybersecurity
Keywords
- Signal
- FBI
- passkeys
- Apple
- open source
- cybersecurity
- Marcus Hutchins
Mentioned in this episode
Organizations: Signal, FBI, UK National Cyber Security Centre
Products: passkeys, Apple
More episodes of Blue Security
- What's new in Entra, Facebook privacy settings · June 9, 2026 · 32 min
- BitLocker bypass, Verizon DBIR report, & CISA key leak · June 2, 2026 · 41 min
- Control the Agents, Find the Bugs - Microsoft's AI Security Double Play · May 26, 2026 · 33 min
- You Can't Patch Fast Enough: Exchange Zero-Day and Tycoon2FA Strike · May 19, 2026 · 30 min
- You Can't Patch Fast Enough: Exchange Zero-Day and Tycoon2FA Strike · May 19, 2026 · 30 min
- Lockdown Mode Success, Howler Cell, and Entra Conditional Access · May 12, 2026 · 47 min
Explore listener stats, chart rankings, contacts and more on the Blue Security podcast page.