A Snopes fact check is rarely prompted by FBI advice. However, many customers were taken aback by the agency’s urgent message to Americans this month, which is generally described as to quit texting.
Millions of Americans use text messaging services every day, and the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned about weaknesses in these systems.
According to a senior FBI official who spoke to reporters on condition of anonymity during a briefing call on Dec. 3, the United States believes that hackers connected to China’s government, known as Salt Typhoon, are conducting a large-scale and significant cyber-espionage campaign to infiltrate commercial telecoms and steal user data, as well as record phone calls in isolated cases.
Customers might have been surprised by the new advice, but security professionals weren’t.
Jason Hong, a professor at Carnegie Mellon University’s School of Computer Science, told NPR that the computer security world has been discussing topics similar to this for years. For the very reason that there may be snoopers in many infrastructures, you should not depend on these types of unencrypted interactions.
So what should you do to keep your messages private?
During the briefing call, Jeff Greene, CISA’s executive assistant director for cybersecurity, stated that encryption is your friend when it comes to text messages and phone calls. Encryption renders detection impossible, if not very difficult, even in the event that the adversary is able to intercept the data. Therefore, we advise against using simple text.
With complete end-to-end encryption, a message can only be decoded by the sender and the recipient—not by the business or anybody else. Since 2016, it has been WhatsApp’s default setting. In addition to offering the prospect of enhanced security, it makes companies impervious to surveillance efforts.
According to Hong, iMessage and FaceTime are already end-to-end encrypted, which is fantastic news for Apple users. Google Messages for Android phones allows encryption if both the sender and the recipient have enabled it.
Messages exchanged between Android and iPhone phones are less secure, though. The best way to stop snooping on your messages is to use end-to-end encrypted software, such as Signal or WhatsApp, according to Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation (EFF). She emphasizes that all of your communications are always encrypted from beginning to end.
Another risk, according to Galperin, is that a hacker who has obtained your website ID and password can intercept a one-time passcode used in two-factor authentication (2FA) by monitoring your text messages.
Galperin cautions that this is a very serious security risk. She suggests utilizing a physical security key to authorize access or getting 2FA notifications using an app like Authy or Google Authenticator.
Additionally, the FBI and CISA recommend that users set up their phones to upgrade their operating systems automatically.
According to Galperin, the majority of system breaches do not entail exploiting flaws that are unknown to third parties. In many cases, the product’s manufacturer has identified the vulnerability, addressed it, and released a patch in the form of a security update.
How at risk are you?
One of the core concepts in computer security is your threat model, which you should be aware of.
According to Hong, there are three key questions: What precisely are you attempting to safeguard? How important do you think it is? And what safeguards ought to be in place for it?
If the most precious objects on your phone are family photos, he believes you shouldn t be concerned about foreign hackers targeting you. What if you occasionally text about national or corporate secrets, or politically sensitive information?
If you are in business, if you are a journalist, if you are somebody in contact with democracy protesters in Hong Kong or Shenzhen or Tibet, then you might want to assume that your phone calls and text messages are not safe from the Chinese government, Galperin, who represents the EFF, adds.
Bad actors, such as cybercriminals, may have varied goals, Hong adds, but if you just do a few relatively simple things, you can actually protect yourself from the vast majority of those kinds of threats.
What are the hackers doing?
Two months after The Wall Street Journal revealed that Chinese government-affiliated hackers had compromised systems that enable US law enforcement agencies to carry out electronic surveillance operations under the Communications Assistance for Law Enforcement Act (CALEA), the FBI and CISA issued the alert.
These are for legitimate wiretaps that have been authorized by the courts, Hong tells me. However, in the hands of hackers, he claims that the technologies may be used to surveil communications and metadata for a large number of people. And it appears that [the hackers ] primary aim is Washington, D.C.
According to the FBI, the attack went far beyond the CALEA system, and the hackers continue to gain access to telecom networks. The United States has been working since late spring to assess the scope of their actions. This month, the Biden administration announced that at least eight telecommunications infrastructure businesses in the United States, and potentially more, had been compromised by Chinese hackers.
The FBI and CISA reported that the hackers stole a considerable amount of metadata. They stated that in far fewer occasions, the actual content of conversations and texts was targeted.
As agencies try to remove the hackers, the FBI urged Americans to adopt strong encryption a shift from years of pushing on a back door for law enforcement to access communications, according to Galperin.
The agencies also urge corporations to improve their security policies and collaborate with the government to make their networks more difficult to penetrate.
The adversaries we face are tenacious and sophisticated, and working together is the best way to ensure eviction, the top FBI official stated during the press briefing.
Concerning the risk to common customers, security experts such as Hong and Galperin believe that with large volumes of information passing between our phones, people should receive more assistance in safeguarding themselves.
I think it s really incumbent on software developers and these companies to have much better privacy and security by default, Hong points out. That way you don t need a Ph.D. to really understand all the options and to be secure.
Note: Every piece of content is rigorously reviewed by our team of experienced writers and editors to ensure its accuracy. Our writers use credible sources and adhere to strict fact-checking protocols to verify all claims and data before publication. If an error is identified, we promptly correct it and strive for transparency in all updates, feel free to reach out to us via email. We appreciate your trust and support!
Eliot Pierce is a dedicated writer for ChiefsFocus.com, covering local crime and finance news. With a keen eye for detail and a passion for storytelling, Eliot aims to provide his readers with clear and insightful analysis, helping them navigate the complexities of their financial lives while staying informed about important local events. His commitment to delivering accurate and engaging content makes him a valuable resource for the community.