Think twice before sending your next text message. Or better yet, make sure you’re using an end-to-end encryption method.
Consumers regularly use different types of messaging technologies from the largest tech companies, including apple, letter and meta platformincluding iMessage, Google Messages, WhatsApp and SMS, but with varying levels of protection. Now, the U.S. government is voicing even greater concerns after the nation’s largest telecommunications company recently suffered a massive hack.
Last month, the Cybersecurity and Infrastructure Security Agency and the FBI revealed a hacking campaign linked to China. Typhoon Yanthis compromise AT&T and VerizonWait, one of the largest hacking attacks on U.S. infrastructure in history. Following the warning, CISA, the National Security Agency, the FBI and international partners issued a joint guide Help protect Americans. One suggestion is Use end-to-end encryptiona way to make communications more secure.
End-to-end encryption helps ensure that only the intended recipient can read your message as it travels between your phone and someone else’s phone. Secure messaging apps use end-to-end encryption to protect communications from hackers, surveillance, and unauthorized access, so even the messaging app provider cannot read your messages.
“All things being equal, if you have the opportunity to use a platform that is end-to-end encrypted, you should do so,” said Michael Hughes, chief commercial officer at Duality Technologies, which allows organizations to use encryption to share and analyze sensitive data.
Many consumers are unaware of their options for secure communication through messaging apps. This is the basics.
WhatsApp, Signal are one of the best end-to-end options
Consumers use different messaging apps for different purposes, often without giving security a second thought. However, people need to be aware that there are significant differences between platforms.
From a security perspective, free messaging apps like Meta’s WhatsApp and Signal (whose co-founder is one of the creators of WhatsApp) are considered the best because of the built-in end-to-end encryption. Text messages and text messages are more popular.
Even the end-to-end encryption platforms that are considered the best have shortcomings. Signal is a favorite of many privacy enthusiasts because its mission emphasizes not collecting or storing sensitive information. This is particularly attractive to those wary of WhatsApp’s parent company, Facebook, and its privacy practices. Roger Grimes, an analyst at security platform provider KnowBe4, said the downside of Signal is that it’s not as widely used as WhatsApp, and if your contacts aren’t there, you can’t communicate.
There are also paid messaging apps that are end-to-end encrypted, such as Threema. It’s designed with privacy in mind and doesn’t require a phone number or email address, but it costs a few dollars, and getting your friends and family to join can be a challenge when there are already popular free options.
Grimes said most people would use encryption “if it was the default and it didn’t cause them any inconvenience.”
RCS and iMessage
Many messaging platforms now use RCS, which stands for Rich Communications Services. It is the successor to SMS and MMS with enhanced functionality and also offers end-to-end encryption, although not all devices offer this by default. Horwitz said that, for example, RCS messages using Google Messages are automatically upgraded to end-to-end encryption, but Apple’s RCS implementation on the iPhone is not end-to-end encryption.
For any Apple device user, the company’s proprietary iMessage app is end-to-end encrypted, but for users sending RCS messages through other text plans, such as mobile carrier text options, Does not offer end-to-end encryption. As Apple explains about sending messages via non-iMessage RCS options: “When they are sent between devices, they are not protected from third-party readability.”
Additionally, not all devices are compatible with RCS, and carriers do not generally support it. In addition, Horvitz said there are compatibility issues between some iPhones and Android devices that are still being resolved.
Facebook Messenger encryption flaw
The situation is even more complicated because tech companies have multiple messaging products, and not every app from a given provider supports end-to-end encryption in the same way. For example, Facebook Messenger offers end-to-end encrypted messages, but not in all cases. according to Facebooksome products currently do not support end-to-end encryption, such as social chat in Facebook groups, chatting with businesses or accounts using business messaging tools, market chat, etc.
Deirdre Connolly, cryptography standardization research engineer at artificial intelligence application developer SandboxAQ, said consumers should try to dig deeper into the applications they are using to understand how end-to-end encryption works for a specific application. This information can usually be found in the support or privacy section of the provider’s website. But even so, it is difficult to find and crack. “You have to read the fine print carefully,” Connolly said.
Google and Apple
Google Messages is the default messaging app on many devices running the Android operating system, and many people use it to communicate, but consumers need to understand that not all messages sent or received using the app are end-to-end encrypted. According to the company, the app supports end-to-end encryption when using Google Messages to send messages to other users via RCS. But when communicating with iPhone users, for example, messages are not end-to-end encrypted. Text messages are displayed in dark blue in RCS status and light blue in SMS/MMS status. Users will also see a lock symbol when end-to-end encryption is active in a conversation.
As far as Apple is concerned, communications between two iMessage users are end-to-end encrypted, but iMessage is an Apple-specific platform. This means that currently communications between iMessage users and Android device users are not end-to-end encrypted. A green message bubble instead of a blue message bubble means the message was sent using MMS/SMS instead of iMessage.
In fact, the Ministry of Justice Antitrust case against Apple The company has repeatedly highlighted its failure to provide end-to-end encryption outside of its iOS messaging app as a monopoly issue.
Protocols are being developed to allow end-to-end encryption between different communication platforms using RCS, but this is still a work in progress. A spokesperson for the GSMA, the industry body leading the work, said: “Working with key industry stakeholders is progressing well and we look forward to updating the market situation in the coming months.”
Phone settings and the ongoing risk of hacking
One thing people should do is check the settings on their phone.網路安全公司Huntress 威脅營運高級總監Chris Henderson 表示,許多消費者擁有較舊的手機,而那些沒有啟用自動更新的消費者可能會錯過關鍵的安全更新,其中可能包括允許端對端加密的訊息應用program. Additionally, settings on transferred apps may not migrate when using a new phone. If you enabled end-to-end encryption for apps on your previous phone, it’s a good idea to check to see if those settings are also enabled on your new phone, Henderson said.
Horwitz said end-to-end encryption is not foolproof because hackers can intercept users’ communications through other means, such as compromising the device itself. For security purposes, it’s also important to keep your device healthy by installing all software updates, avoiding rough downloads, and restarting regularly.
Even so, it’s good practice to use end-to-end encryption if available. “Where the public goes, the threat actors go,” said Kory Daniels, global chief information security officer at Trustwave, a provider of cybersecurity and managed security services. “If the public is still using unencrypted communication methods, (bad actors) Will continue to exploit this opportunity until users begin to evolve their digital behavior.”