Key Points: U.S. Government’s Response to Massive Cyberattack
One key recommendation in the guide is to use end-to-end encryption, a method that ensures communications are more secure from potential cyber threats.
The federal government recently exposed a significant hacking campaign known as Salt Typhoon, which infiltrated major U.S. telecom companies, including AT&T and Verizon, and is believed to have been orchestrated by China.
Although the primary targets of the cyberattack were high-value individuals, including government officials, the FBI, CISA, and the NSA issued a joint guide to help Americans enhance their cybersecurity in the wake of the breach.
Think Twice Before Sending Your Next Text: Why End-to-End Encryption Matters
Consumers use a variety of messaging apps every day, from Apple’s iMessage to Google Messages, WhatsApp, and SMS. But the level of protection for these services can differ significantly. Following a major cyberattack on U.S. telecom companies, the U.S. government is urging citizens to reconsider their communication methods, recommending the use of end-to-end encryption for enhanced security.
Salt Typhoon Hack and Government Concerns
Last month, the Cybersecurity and Infrastructure Security Agency (CISA) and FBI revealed a hacking campaign called Salt Typhoon, believed to be orchestrated by hackers associated with China. The attack targeted major U.S. telecom companies such as AT&T and Verizon, making it one of the largest cyberattacks on U.S. infrastructure in history. In response, government agencies issued a joint guide on protecting Americans from similar threats, with one key recommendation being the adoption of end-to-end encryption for messaging.
What Is End-to-End Encryption?
End-to-end encryption ensures that only the intended recipients can read the messages you send. Even if hackers intercept the message during transmission, it remains unreadable without the decryption key. This form of encryption is vital for protecting communications from surveillance and unauthorized access. Messaging apps like WhatsApp and Signal provide this encryption by default, making them highly secure options compared to older methods like SMS and MMS, which lack encryption.
The Best End-to-End Encrypted Apps
However, Signal’s relatively small user base may limit its usefulness for some, as it’s not as widely adopted as WhatsApp. Additionally, Threema, a paid app offering end-to-end encryption, is another option, although convincing friends and family to pay for it could be challenging.
WhatsApp and Signal are among the most secure messaging platforms. These apps automatically encrypt messages end-to-end, making them less vulnerable to hacking. Signal stands out for its strong privacy emphasis, as it collects minimal user data.
RCS and iMessage Encryption
Many newer messaging platforms support RCS (Rich Communication Services), a more advanced form of messaging that offers the potential for end-to-end encryption. However, not all RCS messages are encrypted by default. Google Messages, for instance, supports end-to-end encryption for messages sent to other users on RCS, but this encryption does not extend to iPhone users. Apple’s iMessage does provide end-to-end encryption, but only between iMessage users. When communicating with Android users through SMS/MMS, encryption is not available.
Encryption Gaps in Facebook Messenger
Though Facebook Messenger offers end-to-end encryption in some cases, it’s not universal. Encryption is unavailable for certain types of conversations, such as those involving Facebook Groups, business accounts, or Marketplace chats. This inconsistency makes it essential for users to understand exactly how encryption works in the app they’re using.
Google vs. Apple: Encryption Limitations
- Google Messages supports end-to-end encryption when communicating with other RCS users but does not provide encryption for SMS messages, such as those sent to iPhone users.
- Apple iMessage supports encryption for messages sent between iPhone users, but it doesn’t offer the same level of protection for messages exchanged with Android users via SMS/MMS.
There are efforts underway to improve RCS interoperability, allowing end-to-end encryption across platforms. However, these changes are still being developed and are not yet fully realized.
The Ongoing Risks and How to Stay Secure
Despite its advantages, end-to-end encryption isn’t foolproof. If a device is compromised, hackers may still access encrypted messages. Consumers must ensure their devices are up-to-date and secure by installing software updates, avoiding suspicious downloads, and periodically rebooting their phones.
Moreover, many people are unaware of how to properly enable end-to-end encryption in their messaging apps. It’s crucial to check your settings and ensure encryption is turned on for each app you use, especially when transitioning to a new device.
In conclusion, while end-to-end encryption isn’t a guarantee against hacking, it’s an essential tool in protecting your communications from unauthorized access. As Kory Daniels, Global CISO for Trustwave, says, “If the masses are still using unencrypted communication methods, [bad actors] will continue to exploit the opportunity until users evolve their digital behaviors.”