You may have heard recently that the FBI and Cyber Security and Infrastructure Security Agency are recommending cell phone users use end to end encryption when sending text messages. Why are they doing this and how does it affect you and your business?
In December of 2024 authorities revealed that Chinese hackers have breached at least 8 major telecom network infrastructures, including those of Verizon and AT&T. Known as Salt Typhoon, the nefarious actors used a “back door” that is used by U.S. foreign intelligence surveillance systems (yes that’s legal wiretapping). Senior officials within the US Government have admitted the hackers have had access since summer of 2024. It appears that they focused heavily on users in the Washington DC area.
As of late December, AT&T and Verizon have stated that their networks are now secure, but the FBI is still recommending that all cell phone users use end to end encryption when using messaging apps. Many organizations use messaging to communicate with customers and employees, so what does this mean for your business?
Take note of of the devices you are using. iMessages between iPhones use end to end encryption by default. Most Android to Android text messages are as well, as long as the service is not using RCN. It is important to note that iPhone to Android Messages are not encrypted. It is recommended that you use a trusted third party, such as Signal or Telegram for any cross-platform messaging. Be sure to read the fine print with these apps, as Telegram end-to-end encryption is not enabled by default and you must manually enable ‘secret chats’ on each conversation. Telegram’s data is encrypted between you and the server, but true end-to-end (only sender and recipient can decrypt) must be manually enabled on Telegram. With Signal, end to end is the default.
In conclusion, using end-to-end encryption for business messaging is just another tool to protect your business from nefarious actors. It keeps sensitive communications safe and private, which helps reduce the risk of unauthorized access and cyber threats, allowing you to maintain operational integrity.