After a sprawling hacking campaign exposed the communications of an unknown number of Americans, U.S. cybersecurity officials are advising people to use encryption in their communications.
To safeguard against the risks highlighted by the campaign, which originated in China, federal cybersecurity authorities released an extensive list of security recommendations for U.S. telecom companies — such as Verizon and AT&T — that were targeted. The advice includes one tip we can all put into practice with our phones: “Ensure that traffic is end-to-end encrypted to the maximum extent possible.”
End-to-end encryption, also known as E2EE, means that messages are scrambled so that only the sender and recipient can see them. If anyone else intercepts the message, all they will see is a garble that can’t be unscrambled without the key.
Officials said the hackers targeted the metadata of a large number of customers, including information on the dates, times and recipients of calls and texts. They also managed to see the content from texts from a much smaller number of victims.
If you’re an iPhone user, information in text messages that you send to someone else who also has an iPhone will be encrypted end-to-end. Just look for the blue text bubbles, which indicate that they are encrypted iMessages.
The same goes for Android users sending texts through Google Messages. There will be a lock next to the timestamp on each message to indicate the encryption is on.
But there’s a weakness. When iPhone and Android users text each other, the messages are encrypted only using Rich Communication Services, an industry standard for instant messaging that replaces the older SMS and MMS standards.
To avoid getting caught out when trading texts, experts recommend using encrypted messaging apps.
Privacy advocates are big fans of Signal, which applies end-to-end encryption on all messages and voice calls. The independent nonprofit group behind the app promises never to sell, rent, or lease customer data and has made its source code publicly available so that it can be audited by anyone to examine it “for security and correctness.”
Signal’s encryption protocol is so reputable that it has been integrated into rival WhatsApp, so users will enjoy the same level of security protection as Signal, which has a much smaller user base. End-to-end encryption is also the default mode for Facebook Messenger, which like WhatsApp is owned by Meta Platforms.
Telegram is an app that can be used for one-on-one conversations, group chats and broadcast “channels” but contrary to popular perception, it doesn’t turn on end-to-end encryption by default. Users have to switch on the option. And it doesn’t work with group chats.
Instead of using your phone to make calls through a wireless cellular network, you can make voice calls with Signal and WhatsApp. Both apps encrypt calls with the same technology that they use to encrypt messages.
There are other options. If you have an iPhone you can use Facetime for calls, while Android owners can use the Google Fi service, which are both end-to-end encrypted.
The only catch with all these options is that, as with using the chat services to send messages, the person on the other end will also have to have the app installed.
WhatsApp and Signal users can customize their privacy preferences in the settings, including hiding IP address during calls to prevent your general location from being guessed. [Abridged]
Kelvin Chan, MDT/AP Business Writer
No Comments