FBI shifts stance, recommends encryption to keep phone chats private
A hot potato: State-sponsored hackers linked to Beijing recently breached American telecom providers in a big way. The gravity of the situation has prompted the FBI and CISA officials to advise users to adopt encryption as a safeguard for private communications.
A state-sponsored hacking group known as “Salt Typhoon” recently managed to compromise surveillance systems used by law enforcement agencies. This massive breach highlights the growing privacy risks associated with phone usage and communication, a concern that all users should take seriously.
Salt Typhoon’s attack targeted major U.S. telecom providers, including AT&T, Verizon, T-Mobile, and Lumen Technologies. According to an unnamed FBI agent, the hackers accessed vast amounts of sensitive data, including details such as phone call recipients, call times, and, in some cases, the actual content of live calls. Additionally, they may have obtained unencrypted text messages, further exposing users to significant privacy vulnerabilities.
The situation is unprecedented, prompting U.S. officials to make some unexpected recommendations. “Encryption is your friend,” said Jeff Greene of CISA.
Jeff Greene, executive assistant director for cybersecurity at CISA, described the attack as both massive and alarmingly successful, noting that authorities are still uncertain when the hackers will be fully “evicted” from US networks.
Records indicate that the most sensitive targets were located in the Washington, D.C., area. However, the FBI reportedly has no plans to notify individuals whose phone metadata may have been compromised.
The situation is unprecedented, prompting U.S. officials to make some unexpected recommendations. “Encryption is your friend,” said Jeff Greene of CISA. The agency, which has been promoting this message internally, is now urging the American public to adopt encrypted communication methods. Encrypted data, even if intercepted, is far less useful to hackers due to the complexities involved in decryption.
Side note: The following platforms provide end-to-end encryption by default for all direct messages and calls (outside of groups): WhatsApp, Signal, iMessage (between Apple devices), Telegram (secret chats only), Viber, Element, Threema.
An unnamed FBI official reinforced this advice, recommending the use of encrypted messaging apps to reduce the risk of hackers wiretapping communications. Additionally, mobile phone users can strengthen their security by keeping their operating systems up to date and enabling multi-factor authentication for email, social media accounts, and collaboration tools.
The FBI’s stance on encryption has never been straightforward until now. While the agency publicly claims it does not oppose encryption and stresses the importance of algorithms remaining robust against adversarial attacks like those carried out by Salt Typhoon, its history tells a different story.
Notably, the FBI spent years pressuring Apple for “exclusive” access to unlock suspects’ phones – an approach that starkly contradicts with its current recommendations to prioritize security and privacy.