Sending SMS messages may land US citizens in the net of Beijing-powered Salt Typhoon hackers, FBI worries and switching to end-to-end encrypted messaging platforms is the only way to stay clear of data theft
Why has the Federal Bureau of Investigation (FBI) warned iPhone and Android users in the United States against sending text messages? Why has the agency, time and time again, reminded the US citizens that SMS is not end-to-end encrypted and thus poses cybersecurity risks? At the centre of the controversy is the "Salt Typhoon" — a data intelligence compromise reportedly orchestrated by the Chinese regime.
One of the biggest intelligence compromises in US history, China-empowered hackers is believed to have compromised networks of multiple telecom companies over the months. The incident, which remains to be fully remediated, was called "Salt Typhoon" by Microsoft first. 
According to NBC News, China managed to hack telecommunication majors AT&T, Verizon and Lumen Technologies to spy on customers. An FBI source who spoke to Forbes later confirmed that call and text metadata was stolen in the attack extensively.
Salt Typhoon was executed by the Chinese hackers in three stages, US media reports said:
ALSO READ | Why are cyber experts concerned about data security in India?
But how is sending and receiving simple text messages part of this seemingly big international warfare? According to cybersecurity experts, that is where E2EE comes in.
Encryption is the process of transforming readable plaintext into unreadable ciphertext to mask sensitive information from unauthorized users. Organizations regularly use encryption in data security to protect sensitive data from unauthorized access and data breaches. Encryption works by using encryption algorithms to scramble data into an indecipherable format. Only the authorized parties with the right secret key, known as the decryption key, can unscramble the data.
ALSO READ | ‘Data breach, ransomware threats amount to cyberattack on India, not trolling Prime Minister or LoP online’
According to IBM, End-to-end encryption (E2EE) is a secure communication process that encrypts data before transferring it to another endpoint. Data stays encrypted in transit and is decrypted on the recipient’s device.
E2EE transforms readable plaintext into unreadable ciphertext by using cryptography. This process helps to mask sensitive information from unauthorized users and ensures that only the intended recipients—with the correct decryption key—can access sensitive data. End-to-end encryption differs from other encryption methods because it provides data security from start to finish. It encrypts data on the sender’s device, keeps it encrypted during transmission and decrypts it only when it reaches the recipient’s endpoint. This process ensures that service providers facilitating the communications, such as WhatsApp, can’t access the messages. Only the sender and the intended recipient can read them, the report said. 
Simply put, SMS messages are not encrypted and thus the FBI is worried. 
Without fully end-to-end encrypted messaging and calls, ethical hackers and experts believe, threats can never be ruled out. Thus, privacy experts have always backed people completely switching to end-to-end encrypted apps. WhatsApp uses end-to-end encryption, and so does Signal. "Every device in an end-to-end encrypted chat has a special key that’s used to protect the conversation," Facebook has said about its Messenger App. 
ALSO READ | Cyber security professionals in India report rising stress amid complex threat landscape
While messaging Android to Android or iPhone to iPhone is secure, messaging from one to the other is not, Forbes pointed out in a report. 
Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp
*Articles appearing as INFOCUS/THE WEEK FOCUS are marketing initiatives
Copyright © 2024 All rights reserved

source