He called on Americans to use encryption. attack given
NurPhoto (from Getty Images)
Given the scale of these Chinese cyberattacks, it was republished on December 5 with additional comments provided by the FBI and a report on U.S. political pressure.
Timing is everything. Apple’s adoption of RCS seemed to signal a return to text messaging for WhatsApp’s unstoppable growth, but then a surprising new hurdle stood in its way. Sending messages from Android to Android or iPhone to iPhone is safe, but sending messages from one to the other is not.
Now, even the FBI and the US cyber defense agency CISA are warning Americans to use encrypted messaging and phone calls responsibly when possible. The background is that China’s hacking of U.S. networks is “ongoing and may be larger than previously understood.” Fully encrypted communications are the best defense against this breach, and Americans are urged to use encrypted communications whenever possible.
Network cyberattacks by Salt Typhoon, a group affiliated with China’s Ministry of Public Security, have raised concerns about the vulnerability of critical communications networks in the United States. The reality is different. Without fully end-to-end encrypted messaging and calls, there is always the possibility that your content could be intercepted. This is the whole reason why Apple, Google, Meta, etc. recommend its use, highlighting the fact that even they can’t see the content.
According to a senior FBI official, “In any investigative operation, especially one as significant and large-scale as this, the facts will change over time. Significant cyber espionage activity revealed He said the campaign had “identified Chinese-linked cyber actors compromising the networks of multiple telecommunications companies to enable multiple activities,” and that “the FBI has been conducting this campaign since late spring and early summer of this year. “We have begun an investigation into the activities.”
FBI officials said the public will “receive timely and automatic operating system updates, responsibly managed encryption and phishing-resistant MFA for email, social media, and collaboration tool accounts.” “Use a mobile phone equipped with
As reported by Politico, CISA’s Jeff Green added, “We definitely need to encourage Americans to use encrypted communications where they can. We need to consider what this means in the long term and how we protect our networks.”
As for what we know so far about the Salt Typhoon attack, FBI officials have warned that the attack stole extensive call and text metadata, but not extensive call and text content. did. However, “the attackers compromised the private communications of a limited number of individuals, primarily involved in government and political activities. This would have included the content of their phone calls and text messages.” .”
The scale of the hacking operation and its impact on the security of America’s critical infrastructure and networks sparked a stunning political storm. As reported by Reuters, “A U.S. government agency on Wednesday called a full Senate panel on allegations that China, known as Salt Typhoon, is trying to penetrate deeply into U.S. telecommunications companies and steal data about U.S. phone calls. After the press conference, “U.S. senators vowed to take action.”
Reuters also reported that “The Senate Commerce Subcommittee will hold a hearing on Dec. 11 on Salt Typhoon and how ‘security threats pose a risk to our nation’s communications networks and consider best practices.’ We are planning to do so.” Concerns are growing about the scale and scope of the reported Chinese hacking. Questions about U.S. telecommunications networks and when companies and the government can assure Americans on this issue. ”
At his first media conference on Tuesday, CISA’s Green reportedly suggested that “Americans should use encrypted apps for all communications” (1,2). This means that while iMessage and Google Messages are fully encrypted on these platforms, you’ll stop sending texts from your iPhone to your Android.
Greene added, “What we’re proposing, what we’ve been telling people internally, is nothing new here. If you have the ability to use encrypted voice communications, whether it’s text messaging. , encryption is your friend. Even if an enemy could intercept your data, it won’t be possible if it’s encrypted.”
A joint warning issued by the FBI, CISA, NSA, and other Five Eyes agencies regarding the ongoing hacking of communications networks was released on Tuesday.
The lack of end-to-end encryption to protect SMS’s successor, cross-platform RCS, is a glaring omission. This was highlighted in Samsung’s recent celebratory PR release about the success of RCS, which included the caveat that only Android-to-Android messaging is protected. It’s crazy how Google and Apple are separately advising Android and iPhone users to rely on end-to-end encryption, but RCS remains unsupported and there’s no plan for a fix. That’s ironic.
Mobile standards setters GSMA and Google have said encryption will be introduced to RCS, but there is no firm date yet. The assurance appeared to be a response to backlash over Apple’s latest updates in the media about security issues. Apple, which has more complete encryption than ever built into its iPhone ecosystem, had no comment.
There is an ironic twist to these warnings. As PC Mag commented, “The FBI has changed its use of end-to-end encryption after years of complaints that the same technology could impede investigations into seized smartphones and criminal suspects’ online accounts. This push is ironic.”
Given this, the FBI’s precise language of emphasis on responsible encryption, which has been largely overlooked in the report, is important. Responsibility in this context means providing access to user data (potentially including content) through lawful requests. This may seem subtle, but it’s definitely not. This excludes many of the largest and most well-known messaging platforms, such as WhatsApp and Signal. These platforms access data at one end with end-to-end encryption, which does not provide access to content unless the endpoint (device) is compromised. .
That said, my advice to use fully encrypted WhatsApp via RCS for cross-platform messaging remains unchanged, at least until RCS adds its own full encryption between iPhone and Android. No. Once you step outside of Apple or Google’s walled garden, this security protection is no longer in effect. With so many good and secure platforms readily available today, it’s not worth the risk. In light of ongoing cyber threats, the need for complete security has never been greater.
There are other fully encrypted platforms as well. Signal in particular is the best, despite having a much smaller installed base. Even Facebook Messenger now fully encrypts messaging, making standard SMS/RCS text messages even more exceptional. Signal and WhatsApp also enable cross-platform, fully encrypted voice and video calls, so given this FBI/CISA warning, these should also be your default choices.
Ironically, Apple’s iOS 18.2, released this month, will allow iPhone users to change their device’s default messenger from iMessage. Timing really is everything.
