- The FBI has warned Americans to use encrypted messaging apps
- Advice comes in the wake of a cyberattack targeting US telecoms
- Encrypted messages are only as secure as the device receiving them
Tl;DR What should you use?
WhatsApp, Signal and Facebook Messenger all offer end-to-end encryption. If you're on iOS and chatting to people on Apple devices, Messages and FaceTime are safe, but aren't encrypted when talking to non-Apple devices. Regular SMS messages aren't encrypted, and RCS encryption is dependent on who you're talking to.
In the wake of a massive cyberattack against US telecoms operators, the FBI has urged Americans to use encrypted messaging apps to keep their mobile communications secure. But why does that matter?
The warning comes after one of the largest intelligence breaches in US history. Salt Typhoon, a group linked to China, used a new backdoor malware to hack network operators including AT&T and Verizon, spying on the activity of their customers.
Operational from as early as 2022, Salt Typhoon targets government agencies, political figures and key industries in the US. What’s concerning about this latest attack is its scale and severity.
It targeted flaws in cybersecurity products, such as firewalls and VPNs, as well as backdoors used by law enforcement agencies to monitor foreign targets and enforce telephone wiretaps. According to the FBI, once the hackers had compromised these networks, they were able to deploy further malware and gather information, including the contents of phone calls and text messages.
It’s because of this that the FBI has recommended that Americans switch to the best encrypted apps to protect their communications. But what does that actually mean and will encrypted messaging really keep you safe from cybercriminals? Here’s what the experts suggest.
What do the experts say?
In a briefing to reporters, Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), compelled US citizens to use encryption.
“Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication,” said Greene. “Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.”
The advice was welcomed by privacy experts, who have long advocated for wider use of encrypted communication systems.
Greg Nojeim, a Senior Counsel and Director of the Security and Surveillance Project at the Center for Democracy & Technology, commented: “If anti-encryption advocates had their way, the United States would now be defenseless to this type of mass snooping from a foreign power.”
What the FBI advice doesn’t address is that the Salt Typhoon hack exploited backdoors put in place to allow law enforcement agencies to obtain communication data from suspected criminals.
Cybersecurity experts have long warned that any backdoor access, even if put in place with good intentions, is at risk of being used for nefarious purposes.
Writing in The Conversation, Richard Forno, Assistant Director at the UMBC Center for Cybersecurity, said: “It’s somewhat ironic that one of the countermeasures recommended by the government to guard against Salt Typhoon spying is to use strongly encrypted services for phone calls and text messages – encryption capabilities that it has spent decades trying to undermine so that only “the good guys” can use it.”
What should you do?
According to Forno: “If you want to increase your security and privacy a bit, consider using end-to-end encrypted messaging services like Signal, FaceTime or Messages.”
End-to-end encryption adds an important layer of security to your digital conversations. In simple terms, it scrambles your messaging data into a form that’s unreadable if accessed by a third-party. The contents can only be unscrambled with the key – and only the sender and receiver have that key.
There’s a good chance you’re already using a messaging service which features end-to-end encryption. Apps such WhatsApp, Signal and Telegram are all end-to-end encrypted, as are Google Messages and Apple iMessage.
These options are much more secure than SMS and RCS: because these are unencrypted messaging protocols, they can be easily read if intercepted by cybercriminals.
While end-to-end encryption is important, it isn’t the quite the total solution that the FBI seems to suggest. Because the key to your encrypted messages is held on your device, anyone who can access that device will be able to decrypt and read your messages.
That’s why it’s also important to follow a few fundamental steps to secure your smartphone and other devices. These include keeping your devices updated with the latest software versions. You should also use a strong password as another line of defence against data breaches. To help you, you can use one of the best password generators.
“Make sure you’re not using default or easily guessed passwords on your devices,” advises Forno. “And consider using two-factor authentication to further strengthen the security of any critical internet accounts.”
Two-factor authentication means that anyone trying to access your account will have to fulfil a second layer of security, such as providing a code sent by email.