Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Think twice before sending your next text message. Or better yet, make sure you’re using an end-to-end encryption method.
Consumers regularly use different types of messaging technologies, including those from the largest technology companies the apple, the alphabet and Meta platformsIncluding iMessage, Google Messages, WhatsApp and SMS, but the level of protection varies. Now, the US government is expressing greater concern after the latest hack of the nation’s largest telecommunications companies.
Last month, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation revealed a campaign by hackers linked to China. Salt typhoonthat made him compromise AT&T and Verizonand others, and was one of the largest hacks of US infrastructure in history. Following this warning, CISA, the National Security Agency, the FBI and international partners a joint guide to help protect Americans. It is a suggestion use end-to-end encryptionmethod that makes communications more secure.
End-to-end encryption ensures that only intended recipients can read your messages as they travel between your phone and another person’s phone. Secure messaging apps use end-to-end encryption to protect communications from hackers, surveillance and unauthorized access; therefore, even messaging application providers cannot read your messages.
“All things being equal, if you can afford to use an end-to-end encrypted platform, you should,” said Michael Hughes, business director of Duality Technologies, which enables organizations to share and analyze sensitive data using encryption.
Many consumers are unaware of their options for communicating securely through messaging apps. Here are the basics.
WhatsApp, among the best options for signal termination
Consumers use different messaging apps for a variety of purposes, often without regard for security. However, there are significant differences between the platforms that people should be aware of.
From a security perspective, free messaging apps like WhatsApp and Signal from Meta—whose co-founder was one of the founders of WhatsApp—are the best because of their built-in end-to-end encryption. This makes these apps highly preferred over SMS and SMS. MMS, the oldest messaging method that does not offer end-to-end encryption, said Trevor Horwitz, founder of TrustNet, a provider of cybersecurity and compliance services.
Even the best platforms for end-to-end encryption have their downsides. Signal is a favorite among many privacy enthusiasts because its mission emphasizes not collecting or storing sensitive information. This may be particularly compelling for people wary of WhatsApp’s parent Facebook and its privacy practices. The downside to Signal is that it’s not as widely used as WhatsApp, and if your contacts aren’t there, you can’t communicate, said Roger Grimes, an analyst at KnowBe4, a security platform provider.
There are also paid messaging apps that are end-to-end encrypted, such as Threema. It’s privacy by design and doesn’t require a phone number or email address, but it costs a few dollars, and getting your friends and family to join when there are already popular free options out there can be a challenge.
Most people will use encryption “if it’s their default and they don’t have the slightest objection,” Grimes said.
RCS and iMessage
Many messaging platforms now use RCS, which stands for Rich Communication Services. It’s the successor to SMS and MMS, with improved features and even end-to-end encryption capability, although not by default on all devices. For example, RCS messages using Google Messages are automatically upgraded to end-to-end encryption, but Apple’s implementation of RCS on iPhones is not end-to-end encrypted, Horwitz said.
For any user of Apple devices, the company’s proprietary iMessage app is end-to-end encrypted, but for users who send RCS messages through other text plans, such as a mobile carrier text option, end-to-end encryption is not provided. As Apple explains about sending messages via RCS options other than iMessage: “They are not protected from being read by a third party while they are being sent between devices.”
Also, not all devices are compatible with RCS and not supported by carriers. There are also compatibility issues between some iPhone and Android devices that are still being worked on, Horwitz said.
Facebook Messenger loopholes in encryption
It’s even more complicated because tech companies have multiple messaging products, and not all apps from a given provider support end-to-end encryption in the same way. For example, Facebook Messenger offers end-to-end encrypted messaging, but not in all cases. according to Facebooksome products do not support end-to-end encryption, such as community chats for Facebook groups, chats with businesses or accounts using enterprise messaging tools, Marketplace chats, and others.
Consumers should try to dig deeper into the applications they use to understand how end-to-end encryption works in a particular application, said Deirdre Connolly, cryptography standardization research engineer at SandboxAQ, an AI application developer. This information is usually in the support or privacy section of a provider’s website. But even so, it can be difficult to find and decipher. “You have to get into the fine print,” Connolly said.
Google vs. Apple
Google Messages is the default messaging app on many devices running the Android operating system and is used by many people to communicate, but consumers should understand that not all messages sent or received using the app are end-to-end encrypted. The app supports end-to-end encryption when other users send messages using Google Messages via RCS, according to the company. But messages are not end-to-end encrypted when communicating with an iPhone user, for example. Text messages appear dark blue in RCS status and light blue in SMS/MMS status. Users will also see a lock symbol when end-to-end encryption is active in a conversation.
In Apple’s case, communications between two iMessage users are end-to-end encrypted, but iMessage is an Apple-specific platform. This means that currently, communications between iMessage users and Android device users are not end-to-end encrypted. A green message bubble instead of blue indicates that the message was sent using MMS/SMS instead of iMessage.
In fact, a Department of Justice The antitrust case against Apple talks about offering end-to-end encryption outside of its iOS messaging app as a monopoly concern.
Protocols are being developed to enable end-to-end encryption between different communication platforms using RCS, but it is still a work in progress. “Work with key industry players is progressing well and we look forward to updating the market in the coming months,” said a spokesperson for GSMA, the industry body leading the effort.
Phone settings and constant risk of hacking
One thing people should do is check the settings on their phones. Many consumers have older phones and those who don’t have automatic updates enabled can miss out on critical security updates, including messaging apps that enable end-to-end encryption, said Chris Henderson, senior director of cybersecurity threat operations at Huntress. the company Also, with a new phone, transferred app settings may not migrate. If you enabled end-to-end encryption for apps on your previous phone, it’s a good idea to make sure the settings are also enabled on your new phone, Henderson said.
End-to-end encryption is not foolproof because hackers can intercept user communications in other ways, such as if the device itself is compromised, Horwitz said. For security purposes, it’s important to keep your devices healthy by installing all software updates, avoiding sketchy downloads, and rebooting periodically.
However, it is good practice to use end-to-end encryption where available. “Threat actors go where the masses go,” said Kory Daniels, global CISO at Trustwave, a provider of cybersecurity and managed security services. “If the masses are still using unencrypted communication methods, (bad actors) will continue to exploit the opportunity until users begin to develop their own digital behaviors.”
