Should You Ditch Unencrypted Messaging Apps? Here’s what the experts say about the FBI’s warning
- The FBI has warned Americans against using encrypted messaging apps
- Advice comes in the wake of a cyber attack targeting US telecom companies
- Encrypted messages are only as secure as the device that receives them
Tl;DR What should you use?
WhatsApp, Signal and Facebook Messenger all offer end-to-end encryption. If you use iOS and chat with people on Apple devices, Messages and FaceTime are secure, but not encrypted when talking to non-Apple devices. Normal text messages are not encrypted and RCS encryption depends on who you are talking to.
In the wake of a massive cyberattack on US telecom companies, the… The FBI has urged the Americans to do so to use encrypted messaging apps to keep their mobile communications safe. But why does that matter?
The warning comes after one of the largest intelligence breaches in American history. Salt Typhoon, a China-affiliated group, used a new backdoor malware to hack network operators, including AT&T and Verizon, and spy on their customers’ activities.
Salt Typhoon will be operational as early as 2022 and will target government agencies, political figures and key industries in the US. What is worrying about this latest attack is its scale and severity.
It focused on flaws in cybersecurity products such as firewalls and VPNs, as well as backdoors used by law enforcement agencies to monitor foreign targets and enforce wiretaps. According to the FBI, after compromising these networks, the hackers were able to deploy further malware and collect information, including the contents of phone calls and text messages.
It is for this reason that the FBI has recommended that Americans switch to the best encrypted apps to protect their communications. But what does that actually mean and will encrypted messages really protect you from cybercriminals? Here’s what the experts suggest.
What do the experts say?
In a briefing to reporters, Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), urged U.S. citizens to use encryption.
“Encryption is your friend, whether it’s text messaging or if you have the option to use encrypted voice communications,” Greene said. “Even if the adversary can intercept the data, if it is encrypted it will make this impossible.”
The advice was welcomed by privacy experts, who have long advocated wider use of encrypted communications systems.
Greg Nojeim, senior advisor and director of the Security and Surveillance Project at the Center for Democracy & Technology, noted: “If anti-encryption advocates had their way, the United States would now be defenseless against this kind of massive foreign espionage. current.”
What the FBI advisory does not address is that the Salt Typhoon hack exploited backdoors set up to allow law enforcement agencies to obtain communications data from suspected criminals.
Cybersecurity experts have long warned that any backdoor, even if implemented with good intentions, risks being used for nefarious purposes.
To enrol The conversationRichard Forno, deputy director of the UMBC Center for Cybersecurity, said: “It is somewhat ironic that one of the government’s recommended countermeasures to protect against Salt Typhoon espionage is the use of highly encrypted services for phone calls and text messages – encryption capabilities that It has spent decades trying to undermine so that only ‘the good guys’ can use it.’
What should you do?
According to Forno, “If you want to increase your security and privacy a bit, consider using end-to-end encrypted messaging services like Signal, FaceTime or Messages.”
End-to-end encryption adds an important layer of security to your digital conversations. In simple terms, it scrambles your message data into a form that is unreadable when opened by a third party. The contents can only be decrypted with the key – and only the sender and receiver have that key.
Chances are you already use a messaging service that offers end-to-end encryption. Apps like WhatsApp, Signal and Telegram are all end-to-end encrypted, as are Google Messages and Apple iMessage.
These options are much more secure than SMS and RCS: because these are unencrypted messaging protocols, they can be easily read if intercepted by cybercriminals.
While end-to-end encryption is important, it is not the end-to-end solution that the FBI seems to suggest. Because the key to your encrypted messages is kept on your device, anyone with access to that device can decrypt and read your messages.
That’s why it’s also important to follow a few basic steps to secure your smartphone and other devices. These include keeping your devices up to date with the latest software versions. You should also use a strong password as an extra line of defense against data breaches. To help you out, you can use one of the best password generators.
“Make sure you don’t use default passwords or easy-to-guess passwords on your devices,” Forno advises. “And consider using two-factor authentication to further strengthen the security of critical internet accounts.”
Two-factor authentication means that anyone trying to access your account must complete a second layer of security, such as providing a code sent by email.