Feds Urge Usage Of End-To-End Encryption Following Massive Telecom Breach By Suspected Chinese Hackers


BERLIN, GERMANY - DECEMBER 27: A particpant checks a circuit board next to an oscilloscope on the first day of the 28th Chaos Communication Congress (28C3) - Behind Enemy Lines computer hacker conference on December 27, 2011 in Berlin, Germany. The Chaos Computer Club is Europe's biggest network of computer hackers and its annual congress draws up to 3,000 participants. (Photo by Adam Berry/Getty Images)
A participant checks a circuit board next to an oscilloscope on the first day of the 28th Chaos Communication Congress (28C3) – Behind Enemy Lines computer hacker conference on December 27, 2011 in Berlin, Germany. (Photo by Adam Berry/Getty Images)

OAN Staff Blake Wolf
5:55 PM – Thursday, December 19, 2024

Following a massive telecom breach, Apple and Android users are being urged to restrain from receiving two-factor authentication codes through text, risking exposure of non-encrypted messages by suspected Chinese hackers.

Advertisement

The Cybersecurity and Infrastructure Security Agency (CISA) released a memo on Wednesday responding to the threat, instructing people to not utilize SMS as a second factor authentication method for online accounts.

“SMS messages are not encrypted — a threat actor with access to a telecommunication provider’s network who intercepts these messages can read them,” CISA stated.

The FBI urged smartphone users to use encrypted messaging apps like Signal or WhatsApp earlier this month after suspected Chinese hackers gained access to AT&T, T-Mobile, Verizon, and five other networks in order to snoop on certain service users.

Apps like WhatsApp, Apple’s iMessage, and Signal all provide an extra layer of security as they are all end-to-end encrypted, meaning the messages can’t be monitored by potential hackers, or the companies themselves.

“SMS messages are not encrypted — a threat actor with access to a telecommunication provider’s network who intercepts these messages can read them,” CISA stated.

The efforts of the hacker group, known as “Salt Typhoon,” which U.S. officials say is being run by the Chinese Government, is reportedly “ongoing and likely larger in scale than previously understood,” according to experts.

Jeff Greene, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, stated that the Salt Typhoon compromise “is part of a broader pattern of PRC activity directed at critical infrastructure.”

“We cannot say with certainty that the adversary has been evicted,” Greene continued. “This is ongoing PRC activity that we need to both prepare for and defend against for the long term.”

“We’re on top of tracking them down … but we cannot with confidence say that we know everything, nor would our partners,” he added.

The agency advised consumers to utilize alternate two-factor authentication methods wherever feasible to reduce the danger of hacking, even though some online services might not offer them. Additionally, they suggested utilizing a password manager, creating strong passwords, setting up a PIN whenever feasible, and updating personal devices.

Stay informed! Receive breaking news blasts directly to your inbox for free. Subscribe here. https://www.oann.com/alerts

Advertisements below

Share this post!





Source link