Think twice before you send your next text message. Even better, make sure you’re using an end-to-end encryption method.
Consumers regularly use different types of messaging technologies from the largest technology companies, including: apple, alphabet and meta platformiMessage, Google Messages, WhatsApp, and SMS, but with different levels of protection. Now, the US government is expressing further concern following the recent massive hack of the country’s largest telecommunications company.
Last month, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation revealed an attack by China-linked hacker Salt Typhoon. AT&T and verizonIt was one of the largest hacks of U.S. infrastructure in history. In response to this warning, CISA, the National Security Agency, the FBI, and international partners published a joint guide to help protect Americans. One suggestion is to use end-to-end encryption, a way to make communications more secure.
End-to-end encryption ensures that only the intended recipient can read messages as they pass between your phone and someone else’s phone. Secure messaging apps use end-to-end encryption to protect your communications from hackers, surveillance, and unauthorized access, so even your messaging app provider can’t read your messages.
“All things being equal, if you have the opportunity to use a platform that is end-to-end encrypted, you should,” he says, allowing organizations to use encryption to share and analyze sensitive data. said Michael Hughes, Chief Business Officer of Duality Technologies.
Many consumers are unaware of their options for communicating securely on messaging apps. The basics are:
WhatsApp, Signal is one of the best end-to-end options
Consumers use different messaging apps for different purposes, but often don’t give any thought to security. However, there are notable differences between the platforms that you should be aware of.
From a security perspective, free messaging apps like WhatsApp and Signal by Meta (whose co-founder is one of the creators of WhatsApp) are the best because they have end-to-end encryption built-in. It is believed that there are. As a result, these apps use SMS and MMS, two older messaging methods that don’t offer end-to-end encryption, said Trevor Horwitz, founder of TrustNet, a cybersecurity and compliance services provider. .
Platforms considered the best for end-to-end encryption also have drawbacks. Signal is popular among many privacy enthusiasts because its mission focuses on not collecting or storing sensitive information. This will be especially persuasive to people who are wary of WhatsApp’s parent company, Facebook, and its privacy practices. Roger Grimes, an analyst at security platform provider KnowBe4, said the downside to Signal is that it’s not as widely used as WhatsApp and you can’t communicate if your contacts aren’t registered.
There are also paid messaging apps that are end-to-end encrypted, such as Threema. It’s designed to protect your privacy and doesn’t require a phone number or email address, but it does cost a few dollars and can be difficult to get friends and family to join when there are already popular free options. yeah.
Grimes said most people would use encryption “if it’s the default and there’s nothing wrong with it.”
RCS and iMessage
Many messaging platforms today use RCS, which stands for Rich Communication Services. It is the successor to SMS and MMS with enhanced functionality and also offers end-to-end encryption, although not all devices have it by default. For example, Horwitz said RCS messages using Google Messages are automatically upgraded to end-to-end encryption, but Apple’s implementation of RCS on the iPhone is not end-to-end encrypted.
For Apple device users, the company’s own iMessage app is end-to-end encrypted, but for users who send RCS messages through other text plans, such as your mobile carrier’s text option, end-to-end encryption is not provided. Apple explains that sending messages via RCS options other than iMessage is “not protected from third-party reading of messages while in transit between devices.”
Additionally, not all devices are RCS compatible or widely supported by carriers. In addition, there are compatibility issues between some iPhones and Android devices that are still being resolved, Horwitz said.
Facebook Messenger Encryption Gaps
The situation is further complicated by the fact that technology companies have multiple messaging products, and not all applications from a given provider support end-to-end encryption in the same way. For example, Facebook Messenger offers end-to-end encrypted messaging, but it doesn’t work in all cases. According to Facebook, some products do not currently support end-to-end encryption, including community chats in Facebook Groups, chats with businesses and accounts using business messaging tools, and chats in Marketplace.
Deirdre Connolly, crypto standards research engineer at AI application development company SandboxAQ, said consumers are looking to dig deeper into the apps they use to understand how end-to-end encryption works in a particular app. He said we should try to understand. This information is often available in the support or privacy section of the provider’s website. But it can still be difficult to find and decipher. “We have to get down to the details,” Connolly said.
google vs apple
Google Messages is the default messaging app on many devices running the Android operating system, and while many people use it to communicate, consumers are aware that everything sent and received using the app You should understand that your messages are not end-to-end encrypted. According to the company, the app supports end-to-end encryption when sending messages to other users using Google Messages via RCS. However, when communicating with iPhone users, for example, messages are not encrypted end-to-end. Text messages appear dark blue in RCS states and light blue in SMS/MMS states. If end-to-end encryption is activated for a conversation, users will also see a padlock symbol.
For Apple, communications between two iMessage users are end-to-end encrypted, but iMessage is an Apple-specific platform. This means that communications between iMessage users and Android device users are not currently encrypted end-to-end. A green message bubble instead of a blue message bubble indicates that the message was sent using MMS/SMS rather than iMessage.
In fact, the Department of Justice’s antitrust lawsuit against Apple cites its failure to provide end-to-end encryption outside of its iOS messaging apps as a proprietary concern.
A protocol has been developed that uses RCS to enable end-to-end encryption between different communication platforms, but it is still in development. A spokesperson for GSMA, the industry body leading the effort, said: “Our work with key industry stakeholders is progressing well and we look forward to providing market updates in the coming months.” said.
Phone configuration and ongoing hacking risks
One thing people should do is check their phone settings. Many consumers have older phones, and those who don’t have automatic updates enabled can miss out on important security updates that may include messaging apps that enable end-to-end encryption. said Chris Henderson, senior director of threat operations at cybersecurity firm Huntress. company. Also, the settings of the migrated apps may not be migrated to the new phone. If you enabled end-to-end encryption for your app on your previous phone, it’s also a good idea to make sure that setting is enabled on your new phone, says Henderson.
Horwitz said end-to-end encryption is not foolproof, as hackers can intercept users’ communications in other ways, such as if the device itself is compromised. For security reasons, it’s also important to keep your device healthy by installing all software updates, avoiding cursory downloads, and performing regular reboots.
Still, we recommend using end-to-end encryption if available. “Threat actors go where the public goes,” said Cory Daniels, global CISO at cybersecurity and managed security services provider Trustwave. “If the public still uses unencrypted communication methods,[bad actors]will continue to exploit that opportunity until users begin to evolve their digital behaviors.”
