LONDON (AP) — After a sprawling hacking campaign exposed the communications of an unknown number of Americans, U.S. cybersecurity officials are advising people to use encryption in their communications.
To safeguard against the risks highlighted by the campaign, which originated in China, federal cybersecurity authorities released an extensive list of security recommendations for U.S. telecom companies — such as Verizon and AT&T — that were targeted. The advice includes one tip we can all put into practice with our phones: “Ensure that traffic is end-to-end encrypted to the maximum extent possible.”
End-to-end encryption, also known as E2EE, means that messages are scrambled so that only the sender and recipient can see them. If anyone else intercepts the message, all they will see is a garble that can’t be unscrambled without the key.
Law enforcement officials had until now resisted this type of encryption because it means the technology companies themselves won’t be able to look at the messages, nor respond to law enforcement requests to turn the data over.
Here’s a look at various ways ordinary consumers can use end-to-end encryption:
Texting
Officials said the hackers targeted the metadata of a large number of customers, including information on the dates, times and recipients of calls and texts. They also managed to see the content from texts from a much smaller number of victims.
If you’re an iPhone user, information in text messages that you send to someone else who also has an iPhone will be encrypted end-to-end. Just look for the blue text bubbles, which indicate that they are encrypted iMessages.
The same goes for Android users sending texts through Google Messages. There will be a lock next to the timestamp on each message to indicate the encryption is on.
But there’s a weakness. When iPhone and Android users text each other, the messages are encrypted only using Rich Communication Services, an industry standard for instant messaging that replaces the older SMS and MMS standards.
Apple has noted that RCS messages “aren’t end-to-end encrypted, which means they’re not protected from a third party reading them while they’re sent between devices.”
Samsung, which sells Android smartphones, has also hinted at the issue in a footnote at the bottom of a press release last month on RCS, saying, “Encryption only available for Android to Android communication.”
Chat apps
To avoid getting caught out when trading texts, experts recommend using encrypted messaging apps.
Privacy advocates are big fans of Signal, which applies end-to-end encryption on all messages and voice calls. The independent nonprofit group behind the app promises never to sell, rent, or lease customer data and has made its source code publicly available so that it can be audited by anyone to examine it “for security and correctness.”