The FBI’s further remarks and reporting on US political pressure in light of the scope of these Chinese cyberattacks were included in the republished edition on December 5.
When it comes to timing, it is crucial. An unexpected new obstacle has emerged to halt WhatsApp’s relentless expansion, just as Apple’s embrace of RCS had appeared to portend a return to text messaging. While messaging between Android and iPhone is safe, messaging between Android and iPhone is not.
Even the FBI and the US Cyber Defense Agency, CISA, are now cautioning citizens to use encrypted phone calls and messages wherever possible. The background is the allegedly “ongoing and likely larger in scale than previously understood” Chinese hacking of US networks. Americans are being recommended to use fully encrypted communications whenever possible, as it is the strongest defense against this attack.
The weaknesses in vital US communication networks have come to light as a result of the network hacks, which were ascribed to Salt Typhoon, a group connected to China’s Ministry of Public Security.
The facts are different. Content interception has always been a possibility in the absence of fully end-to-end encrypted calls and messages. For this reason, companies like Apple, Google, and Meta recommend using it, pointing out that even they are unable to view material.
One senior FBI official stated that “the facts will emerge over time within the investigative effort, especially one this important and large. A large and extensive cyber espionage effort has been uncovered by the ongoing investigation into the PRC’s targeting of commercial telecom infrastructure.
“The FBI started investigating this activity in late spring and early summer of this year,” he said, adding that the campaign “identified that PRC affiliated cyber actors have compromised networks of multiple telecom companies to enable multiple activities.”
People should be “using a cell phone that automatically receives timely operating system updates, responsibly managed encryption, and phishing resistant MFA for email, social media, and collaboration tool accounts,” the FBI official cautioned.
Jeff Greene of CISA added to this, “strongly urging Americans to ‘use your encrypted communications where you have itβ¦ we definitely need to do that, kind of look at what it means long-term, how we secure our networks,'” according to Politico.
The FBI official cautioned that extensive phone and text metadata was stolen in the attack, but extensive call and text content was not, according to what is now known about the Salt Typhoon attacks.
However, the players jeopardized the private communications of a select few people who are mainly engaged in political or governmental operations. This would have included text and phone contents.
Unsurprisingly, a political storm has been sparked by the scope of the hacking campaign and the consequences for the security of the US’s networks and vital infrastructure.
According to Reuters, “all senators received a classified briefing from US government agencies on Wednesday regarding China’s purported efforts, known as Salt Typhoon, to infiltrate American telecommunications companies and steal data about U.S. calls.” When the briefing was over, “US senators vow[ed] action.”
A Senate Commerce subcommittee will host a hearing on Salt Typhoon and how “security threats pose risks to our communications networks, and review best practices” on December 11, according to Reuters.” Concern over the extent and magnitude of the alleged Chinese hacking of American telecommunications networks is growing, as is uncertainty about when businesses and the government will be able to reassure citizens about the situation.
“That Americans should use encrypted apps for all their communications” is what CISA’s Greene allegedly said during Tuesday’s initial media briefing (1,2). Even if Google Messages and iMessages are completely secured on those platforms, this means that you should avoid sending texts from your iPhone to Android.
Greene went on to say, “Our recommendation, which we have discussed internally, is not new here: encryption is your friend, whether you can utilize encrypted voice communication or text messaging. If the data is encrypted, it will be impossible for the adversary to intercept it, even if they are able.
Along with other Five Eyes organizations, the FBI, CISA, and NSA jointly issued an alert on Tuesday regarding the ongoing telco network breaches.
An obvious deficiency is the absence of end-to-end encryption to safeguard cross-platform RCS, SMS’s replacement. Only messaging between Android devices is secure, as Samsung noted in their latest PR statement celebrating the success of RCS. The glaring irony is that, although Google and Apple both recommend end-to-end encryption for Android and iPhone users, RCS still lacks it, and there is currently no estimated time of when it will be fixed.
Although there isn’t a specific date yet, Google, GSMA, and the mobile standard-setter have stated that encryption will eventually be included to RCS. With the media picking up on the security vulnerability after Apple’s upgrade, that assurance appeared to be a reaction to the criticism. Apple, the company behind the more fully encrypted iPhone environment, has refrained from commenting.
These warnings have an ironic twist. The FBI has long complained that the same technology can impede their investigations into seized devices and online accounts belonging to criminal suspects, so PC Mag noted that “this push to use end-to-end encryption is ironic.”
In light of this, the FBI’s exact wording is crucial, emphasizing prudent encryption, which has been largely ignored in publications. In this context, “responsible” refers to granting access to user data, and possibly content, through legitimate requests. Although this might seem like a subtlety, it is not. Due to their inability to grant access to any content without an endpoint (device) compromise, which would allow access to the data at one end of the end-to-end encryption, this excludes many of the biggest and most well-known messaging systems, including WhatsApp and Signal.
For cross-platform communications, I still advise using the fully encrypted WhatsApp app rather than RCS, at least until RCS introduces its own full encryption between iPhones and Androids. Outside of Google’s or Apple’s walled gardens, these security measures are no longer in place. It’s not worth the risk because there are now so many excellent, secure platforms accessible. The current state of cyber threats makes complete security more important than ever.
–Deeprows News