With increasing cyberattacks targeting phones, encrypted text messaging may become a necessity.
Attacks have been ramping up against telecommunication companies, including AT&T and Verizon. One of the attacks, linked to a Chinese hacking organization, has drawn uncertainty regarding the security of text messaging.
In a call in early December, two officials–an unnamed senior FBI official and Jeff Green, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency–suggested Americans start using encrypted messaging apps.
“Our suggestion, what we have folks internally, is not new here: Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted it will make it impossible,” said Greene.
The unnamed official added, “People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant” multi-factor authentication for various accounts, including email and social media.
The advisory follows the Chinese-linked organization, known as Salt Typhoon’s, attack, which is believed to be one of the largest intelligence compromises in US history. The organization successfully hacked into AT&T, Verizon, and Lumen to spy on customers.
Greene said the scope of the compromise was so large that it is uncertain when they will have a full understanding of the impact.
The investigative team does know that hackers generally accessed three types of information:
Currently, the Chinese government has denied any involvement, stating that they do not support any type of cyberattack.
With multiple carriers impacted, the compromise shows that many, perhaps the majority, of Americans may be vulnerable to attacks and spyware on their messaging apps.
With newfound knowledge of this threat, it’s important for Americans to proactively secure their devices. Even simple messages that include information like names, emails, or more could be used by attackers for fraud or other nefarious purposes.
Yet, even with increasing attacks, many people who text are unaware of these potential issues. Spreading awareness is vital to ensure that individuals are protecting themselves.
As the investigation against Salt Typhoon continues, we’ll likely learn more about the full extent and goal of the compromise.
While individuals should watch out to see if their device or messages were impacted, organizations should also consider the security of their communications. Texting is one of the best ways to communicate with customers and patients, but organizations should ensure they are keeping their, and their patient’s data, secure. If your organization needs to communicate with patients via text, consider using a secure platform like Paubox, which offers automatically encrypted text messaging.
Related: HIPAA Compliant Email: The Definitive Guide