Feds warn SMS authentication is insecure after 'The worst hack in the history of our country'


Do you use text messages for multi-factor authentication? You should switch to another method, especially given everything we've learned about the latest hack, which has been touted as “the worst in the history of our country.” Even the federal government is issuing warnings now, including calls for government officials to use only encrypted apps for communications.

Hackers collaborating with the Chinese government have infiltrated US telecommunications infrastructure so deeply that they were able to intercept the unencrypted communications of a number of people, according to a report that first appeared in October. The operation, dubbed Salt Typhoon, apparently allowed hackers to listen in on phone calls and send messages. And the breach is so extensive that the hackers have not yet been booted from the telecommunications networks.

The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance this week on best practices for protecting “highly targeted individuals,” which includes a new warning about text messages:

“Do not use SMS as a second factor for authentication. SMS messages are not encrypted. Threat actors with access to the networks of telecom operators who intercept these messages can read them. SMS MFA does not protect against phishing. Therefore, it is not strong authentication for the accounts of highly targeted individuals,” the advisory posted online reads.

Not all services allow multi-factor authentication, and sometimes text is the only option. But when you have a choice, you should use phishing-resistant methods such as passkeys or an authenticator app. CISA prefaces its guidance by insisting that it only addresses high-value targets.

Incredibly, even the FBI has endorsed using encryption, which could indicate how serious the invasion of US telecommunications infrastructure is. The FBI has a long history of opposing encryption of any kind, at least when there isn't some kind of back door that law enforcement can walk through. Apps like Signal have end-to-end encryption for messaging, although this doesn't make them impossible to hack.

“Use a free messaging app for secure communications that guarantees end-to-end encryption, such as Signal or a similar app,” CISA said in its new guidance. “CISA recommends an end-to-end encrypted messaging app that is compatible with both iPhone and Android operating systems, allowing cross-platform text messaging functionality. Such apps may offer clients for MacOS, Windows, and Linux, and sometimes the web.”

There has been criticism of both the federal government and telecommunications companies for not taking Salt Typhoon seriously enough. Sen. Mark Warner, a Democrat from Virginia, spoke to the Washington Post and the New York Times back in late November about the threat, sounding the alarm. But there are lingering questions about what ordinary people can do about it. It seems the answer is that people can heed the advice of agencies like CISA when they make announcements for high-profile individuals.


