The United States government is asking senior government and political officials to use only encrypted communication as concerns grow about what the Federal Bureau of Investigation (FBI) has called a “significant cyber espionage campaign” led by the Chinese government.
The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance this week on how to avoid the theft of private communication for “highly targeted” individuals, identified as senior government and senior political figures.
The guidance follows an investigation opened by the FBI and CISA last month looking into suspected cyber espionage targeting the country’s telecommunications infrastructure with connections to the People’s Republic of China. The agencies have said that those targeted were a limited number of people, primarily involved in political activity. However, the hackers may still be at work and the government is asking all smartphone users to be cautious of their communication methods.
The CISA is encouraging highly targeted individuals to use only encrypted communication for the time being. Here’s what to know about end-to-end encrypted communication and what steps all smartphone users can take to protect their data.
What is encrypted communication and how does it work?
End-to-end encryption is a security method in which data can only be accessed by users participating in the communication. No one else, like telecommunication or internet providers, can access the communication.
Holiday deals: Shop this season’s top products and sales curated by our editors.
Essentially, when data is encrypted, it is scrambled around to create what is known as ciphertext, according to Encryption Consulting. Only a secret key can “unlock,” or decrypt the data. This key is a unique, random string of characters, like a password.
What common messaging services use encryption?
Apple’s iMessage, Meta’s WhatsApp and Google Messages all encrypt data. Signal is another free encryption software that allows users to share texts, videos, photos and files.
Why is SMS not encrypted?
Short Message Service, more commonly known as SMS, is not encrypted. This is because when SMS was released − the first text message was sent in 1992 − digital security concerns were not as great as they are today. Additionally, encryption software was not as robust.
SMS messages travel through the cellular network, making them vulnerable to interception by hackers.
Other recommendations to protect data
In addition to encrypting communications, the CISA recommends the following practices:
Enable Fast Identity Online authentication. This type of authentication uses the strongest form of protection to secure accounts and other sensitive information. Google Titan and Tubico are recommended.
Do not use SMS as a second factor for authentication. SMS messages are not encrypted and could be at risk of theft.
Use a password manager. Apple Passwords, LastPass, 1Password, Google Password Manager and NordPass are a few options.
Set a Telco PIN to your mobile carrier account to protect sensitive mobile operations.
Regularly update software.
Opt for the latest hardware version from your smartphone manufacturer. Newer hardware features critical security features that older hardware may not support.
Do not use a personal VPN.