Your Messages Are "Encrypted" — But the FBI Just Read Them Anyway. Here's What Every Perth Business Needs to Know.

Most small business owners believe end-to-end encryption means their messages are completely private. A recent FBI case proves that assumption is dangerously incomplete.

Garry BloomGarry Bloom · Founder & Senior IT Manager
15 April 2026
5 min read
CyberSecurity
ITSupportPerth
SmallBusinessIT
PerthBusiness
Microsoft365
MSPPerth
CloudManagedServices
DigitalTransformation
Intune
SmallBusinessPerth

If your team uses Signal, WhatsApp, or any other encrypted messaging app to discuss clients, finances, or sensitive business matters — this article is essential reading. Not because encryption is broken. But because the way your device handles notifications may be quietly undoing all of that protection.


What Actually Happened

In a recent case in the United States, FBI investigators were able to retrieve deleted Signal messages from a suspect's iPhone — even after the Signal app had been completely removed from the device.

This wasn't a Hollywood-style hack. The FBI didn't crack Signal's world-class encryption, exploit a secret backdoor, or use classified technology. They used a method that is documented, repeatable, and increasingly common in digital forensics.

They looked in the iPhone's push notification database.

Here's what most people don't realise: when a message arrives on your phone and triggers a notification, Apple's operating system quietly stores a copy of that notification's content in a local database — before your app even opens it. Signal encrypts the message perfectly in transit. But the moment it arrives on your device and flashes up as a preview on your lock screen — "Sarah: The tender price is $120,000" — Apple logs it.

Forensic software can extract that database. When investigators did exactly that, they found readable, timestamped, attributed message content — intact, even after the app was deleted.


"But I Use Signal — Isn't That the Gold Standard?"

Yes. Signal is genuinely excellent and remains the most trusted encrypted messaging app in the world. It is used by journalists, lawyers, politicians, activists, and security professionals for good reason. The encryption itself was not compromised in this case.

The problem isn't Signal. The problem is the gap between the app and the operating system.

Signal actually provides a setting specifically designed to prevent this. When enabled, it strips all message content out of push notifications — your lock screen shows "New Message" instead of the actual text. That means nothing sensitive gets written into the notification log.

Most users have never turned this on. Most small businesses have never even discussed it. And that single overlooked default setting is what gave investigators a window into communications that were supposed to be private.


Why This Matters for Perth SMBs

You might be thinking: "This was a criminal investigation. My business has nothing to hide."

That's fair — but consider the full picture.

The same forensic tools used by the FBI are commercially available. Products like Cellebrite and GrayKey are sold to law enforcement agencies globally, have been documented in court proceedings, and their methods are increasingly replicated in lower-cost tools available to private investigators and bad actors.

For businesses handling any of the following, the exposure is very real:

  • Client confidentiality — legal, financial, medical, or HR conversations

  • Commercial pricing and tender information

  • Staff performance reviews or disciplinary matters

  • Banking details or credentials shared over chat

  • Intellectual property or product development discussions

A single device — lost, stolen, or accessed by a disgruntled former employee — could expose months of sensitive conversations. And here is the critical point: this is not just a Signal issue. Any messaging app that displays notification previews, including WhatsApp, Telegram, and Microsoft Teams, can store content in the device notification log. The vulnerability is the device configuration, not the app itself.


The Technical Breakdown — Plain English

Here is exactly what happens when you receive an encrypted message, step by step:

  1. Your contact's app encrypts the message and sends it to Signal's server — fully protected

  2. Signal's server triggers a push notification to Apple's notification service (APNs)

  3. Apple delivers the notification to your iPhone and logs the content in a local database on the device

  4. Your lock screen displays a preview"John: The contract is ready to sign"

  5. Signal decrypts and displays the full message inside the app

Steps 1, 2, and 5 are fully encrypted and secure. Steps 3 and 4 are not. That notification database sits quietly on your device. Forensic tools can extract it — regardless of whether the message was later deleted inside Signal, or even if Signal itself was uninstalled.


The Fix: What Your Team Should Do Today

The good news is that this is entirely preventable with the right configuration. Here is what every staff member and business owner should action immediately.

Signal (iPhone & Android)

Open Signal → Settings → Notifications → Show → select "No Name or Message"
This removes all content from notification previews and stops sensitive text from being logged.

WhatsApp (iPhone)

Go to iPhone Settings → Notifications → WhatsApp → disable "Show Preview"

Microsoft Teams

Open Teams → Settings → Notifications → set message previews to Off

For Business Owners — Enforce It Company-Wide

Individual fixes are a start, but they rely on every single employee doing it correctly. The more effective approach is enforcement at a policy level:

  • Deploy Mobile Device Management (MDM) such as Microsoft Intune to push security configurations across all staff devices automatically

  • Disable lock screen notification previews for all sensitive apps via MDM policy — no employee action required

  • Enable remote wipe on all devices that access company data, so a lost phone doesn't become a data breach

  • Conduct a regular app audit to identify which apps have notification access on company-owned and BYOD devices


The Bigger Lesson: Configuration Is the New Security Perimeter

For years, small business cybersecurity advice was simple: use strong passwords, install antivirus. Then it evolved: enable encryption, turn on two-factor authentication.

In 2026, the frontier has shifted again. The tools your team uses every day — Microsoft Teams, Signal, SharePoint, Outlook — are largely secure out of the box. But "out of the box" is rarely "optimally configured for your business."

The FBI's Signal case is a perfect illustration. There was no sophisticated attack. No phishing. No malware. The vulnerability was a single default setting that no one had changed — and it silently created an exposure that persisted for months.

This is exactly the kind of gap that falls through the cracks in businesses without a dedicated IT team. Nobody did anything wrong. No one was careless. The app was installed, it worked, and the team got on with their day. But the default settings were never reviewed, and that quiet oversight became the biggest risk in the room.

This is the work we do every day for Perth businesses with under 50 staff. Not just keeping the lights on — but proactively reviewing your tools, your configurations, and your communication policies to close the gaps before they become incidents.


Is Your Business Exposed Right Now?

Here is a quick self-assessment. Be honest:

  • ✅ Do you have a documented mobile device policy for all staff?

  • ✅ Are company and BYOD devices enrolled in an MDM solution like Microsoft Intune?

  • ✅ Do you know which apps display sensitive content in lock screen notifications?

  • ✅ Have you reviewed your Microsoft 365 security baseline in the last 12 months?

  • ✅ Can you remotely wipe a staff member's device if it is lost or stolen today?

  • ✅ Do new employees receive a security onboarding checklist before accessing company data?

If you answered "no" or "not sure" to even one of these, your business likely has at least one silent configuration gap — similar to the one that made headlines in this FBI case.


Let's Fix It Together

We offer a free 30-minute IT Security Review for Perth SMBs. We will look at your devices, your Microsoft 365 environment, your communication tools, and your current policies — and give you a plain-English report of what needs tightening, with no obligation and no jargon.

No scare tactics. No lock-in contracts. Just practical, honest advice from a local Perth team that works exclusively with small and medium businesses like yours.

👉 Book your free review at ITSupportPerth.net.au


Garry Bloom
Written by
Garry Bloom
Founder & Senior IT Manager · 25+ years in IT

Garry founded Computer Mechanics — the business behind IT Support Perth — in 1997. With more than 25 years in IT management and support across internal and external service environments, he leads the team's technical direction and its cybersecurity and managed-IT strategy for Perth businesses.

Meet the IT Support Perth team →
Garry Bloom
15 April 2026
5 min read
CyberSecurity
ITSupportPerth
SmallBusinessIT
PerthBusiness
Microsoft365
MSPPerth
CloudManagedServices
DigitalTransformation
Intune
SmallBusinessPerth

Stay Updated with IT Insights

Get the latest cybersecurity tips and technology insights delivered to your inbox

Related Articles

4 IT Gaps Small Businesses Overlook (and How to Close Them)

Most Perth businesses aren't undone by one huge disaster — it's the small IT gaps that stack up: missing MFA, delayed patching, old access nobody removed, and untested backups. Here's how teams under 50 users can close them. From Computer Mechanics, Perth IT specialists since 1997.

5 min read

How to Safely Offboard an Employee (and Protect Your Company Data)

When a staff member leaves, their access is a security risk until it's properly closed off. A practical Perth-business checklist for offboarding an employee without losing data or leaving a door open. From Computer Mechanics, Perth IT specialists since 1997.

5 min read

5 Signs Your Business Has Outgrown Your Current IT Guy

One trusted 'IT guy' works — until it doesn't. Here are five clear signs a Perth business has outgrown break-fix IT and needs a proper managed IT team. From Computer Mechanics, Perth IT specialists since 1997.

5 min read

Need Expert IT Support?

Get personalized advice from our Perth IT experts. Free consultation available.

Related Content

Continue Reading

Explore more insights and expert advice on IT support, cybersecurity, and digital transformation

What’s new in SMB1001:2026?
SMB1001
SMB10012026

What’s new in SMB1001:2026?

SMB1001:2026 updates for Perth SMBs: Mandatory DMARC from Silver tier, 5 maturity levels, Essential Eight alignment. Get certified, cut insurance costs, win tenders—start your roadmap today!

5 min read
2/25/2026
third‑party vendor risk and data‑sharing security for SMBs
CyberSecurity
ITSupportPerth

third‑party vendor risk and data‑sharing security for SMBs

Over 100,000 sensitive parliamentary emails were handed to a private company that had already been hacked—turning a routine data transfer into a major cybersecurity incident. Discover how third‑party vendor risk affects Perth SMBs and learn practical steps to protect your business when sharing data with contractors.

5 min read
4/10/2026
Why Perth SMBs Are Ditching On-Prem Email and Migrating to Microsoft 365
Microsoft365
ExchangeOnline

Why Perth SMBs Are Ditching On-Prem Email and Migrating to Microsoft 365

Discover why Perth SMBs are ditching on-prem Exchange for Exchange Online. Learn how Microsoft 365 delivers reliability, security & BYOD control.

5 min read
4/9/2026