The FBI is urging Americans to use encryption after complaining about it for years

With Chinese hackers potentially lurking in U.S. networks, the FBI is advising the public to embrace encryption, a technology the agency has long demonized.

A senior FBI official mentioned the tip in a phone call with reporters on Tuesday while discussing how China’s Salt Typhoon group compromised several U.S. telecommunications networks.

“People who want to further protect their mobile device communications would benefit from using a cell phone that automatically provides timely operating system updates, responsibly managed encryption, and phishing-resistant multi-factor authentication (MFA) for email, social, and Media and collaboration tool accounts,” the official said.

In the same call, Jeff Greene, an official with the Cybersecurity and Infrastructure Security Agency (CISA), added: “Encryption is your friend, whether it’s text messages or whether you have the ability to use encrypted voice communications.”

End-to-end encryption is a powerful tool that can prevent espionage because even if the data is stolen, it is encrypted and therefore unreadable by hackers. Only users with the decryption keys typically stored on their smartphones or devices can decrypt and access the information, ensuring privacy even in the event of interception.

The advice from the FBI and CISA comes as officials try to determine whether Chinese hackers are still lurking in U.S. networks after this violated AT&T, Verizon, T Mobileand Lumen Technology to spy on users’ cell phone activities.

“Given the current status of discovery of the activity, I think it would be impossible for us to predict a time frame for complete clearance,” Greene said.

He also noted that the level of infiltration varies between telecommunications companies. “It really depends on the victim…. It will depend on each individual and we are still getting a feel for the nature of the compromise,” Greene added.

Meanwhile, CISA and the FBI have released an advisory calling on engineers at US telecommunications companies to “ensure that data traffic is end-to-end encrypted to the greatest extent possible.”

This push to use end-to-end encryption is ironic since the FBI has long complained that the same technology can hamper its investigations into confiscated criminals’ smartphones and online accounts. In 2016, the FBI asked Apple to effectively build a backdoor into the company’s operating system before the agency used a third-party hacking tool to access an iPhone belonging to the San Bernardino mass shooter.

Over the summer, FBI Director Christopher Wray also said that encrypted apps made it difficult for the agency to fully investigate a phone that belonged to the man who tried to assassinate President-elect Donald Trump at a political rally in Pennsylvania.

Lack of encryption can be a serious vulnerability, as the Salt Typhoon hacks demonstrated. On Wednesday, U.S. Senators Ron Wyden (D-Ore.) and Eric Schmitt (R-MO) called on the Defense Department’s inspector general to investigate why the Pentagon awarded affected U.S. airlines a $2.7 billion contract forgave, even though they knew they were “vulnerable” to foreign surveillance.”

“The Department of Defense’s failure to secure its unclassified voice, video and text communications with end-to-end encryption technology has left it unnecessarily vulnerable to foreign espionage,” they claim.

Do you like what you’re reading?

Sign in SecurityWatch Newsletter with our top privacy and security stories straight to your inbox.

This newsletter may contain advertising, offers or affiliate links. By subscribing to a newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe from the newsletter at any time.

About Michael Kan

Senior Reporter

I’ve been a journalist for over 15 years – I started as a schools and city reporter in Kansas City and joined PCMag in 2017.

Read Michael’s full bio

Read the latest from Michael Kan