According to the FBI, Your Texts May Be Unsafe

“The FBI says you should stop texting” sounds like something your estranged uncle would post on Facebook, but it’s actually true: Both the FBI and CISA (Cybersecurity and Infrastructure Security Agency) are sounding the alarm about some texters platforms, and, in some cases, the phone calls themselves.

However, simply leaving everything as it is would be a huge mistake. American security services do not believe that you should communicate by regular mail. Instead, they are particularly concerned about citizens using insecure means of communication and encourage them to use secure, end-to-end encrypted options instead. Here’s why.

Salt typhoon threatens American safety

The current wave of concern comes from Salt Typhoon, a hacking group believed to be run by the Chinese government. In recent months , the Salt Typhoon has threatened the privacy and security of many Americans , both private and public citizens. The group is accused of hacking 80 telecommunications groups, including US providers that the federal government relies on for wiretapping purposes . (Verizon and AT&T were affected.) These hackers reportedly tapped the phones of President-elect Trump and Vice President-elect Vance, as well as the phones of Harris’ campaign staff.

Through these attacks, hackers stole ” a large amount of metadata ,” including, in limited cases, phone calls and messages, according to the FBI and CISA.

And it’s not just the Salt Typhoon. Insecure messaging has long been a concern among security experts and specialists. These hackers may have been the catalyst for the FBI and CISA warning Americans about this, but it’s good practice to ensure your communications are protected at all times.

Where encryption comes into play

While it doesn’t currently appear that hackers regularly read and monitor everything you write or say on the phone, the reason they were able to access the contents of these messages in the first place is because of the lack of end-to-end communication. – complete encryption.

In short, end-to-end encryption (E2EE) protects the contents of messages and calls between recipients. The content here is encrypted, so to an unauthorized user your text will look like a bunch of meaningless characters. The only way to decrypt a message is to have the “key”, which in our case is located in the applications of the respective recipients. So, when you send a message from an E2EE app to another E2EE user, that message is only readable by the two of you. The same goes for messages in E2EE group chats or E2EE audio calls.

The problem is that traditional phone calls are not E2EE, and neither are SMS text messages. (When the FBI says “don’t text,” they mean don’t use unsecure texting methods like SMS.)

You may already be communicating securely

The point is that many (if not most) of your communications may already be E2EE. If you have an iPhone and only send messages to other iPhones, you’re using Apple iMessage, an E2EE messaging platform. (The blue bubbles are a clue.) Android users using the latest versions of Google Messages are also likely communicating via RCS rather than SMS and can take advantage of E2EE – just look out for the little “lock” icon that appears when sharing messages. FaceTime, both audio and video calls, are also encrypted.

However, there are too many cases where messages and calls are not E2EE. For example, traditional telephone calls are not E2EE. SMS, as noted above, is not E2EE. Even when you try to avoid SMS, it appears: since RCS requires an Internet connection, for example, your phone may default to SMS when messaging in low-signal areas. The same goes for iMessage.

But even if you have a good connection, RCS is not always encrypted. Of course, if you have two Android devices messaging via Google Messages, you’re likely protected, but using RCS between Android and iPhone is not encrypted . An Android using another messaging app and another Android using Google Messages are also not encrypted.

If in doubt, use a special application

The only way to guarantee end-to-end encryption of your messages and calls is to use a service that guarantees that all messages are encrypted.

While there are a number of messaging platforms that offer E2EE, we recommend using Signal. Signal messages and calls are always in E2EE format, so there’s no risk of your messages being intercepted—unless, of course, someone takes control of another person’s device. WhatsApp is also an E2EE platform by default. While Meta has many privacy and security concerns, WhatsApp is an exception. I understand the concerns some security-conscious users have when using a meta product, but if you are one of the billions already using it, you can continue to use it safely.

There are applications with E2EE options that are not E2EE by default. Messenger (formerly known as Facebook Messenger) now uses E2EE by default , but existing chats (especially group chats) may still be unencrypted, so be careful. Telegram and Instagram also offer E2EE, but you’ll have to choose to send encrypted messages. If you just download apps and send messages, it’s not much better than using SMS.

Remember, too, that it’s not just about messaging and calling from your phone. All your devices need to be taken into account. If you send messages or call people from your tablet or computer, make sure the apps you use support E2EE by default.

More…

Leave a Reply