The US is pushing for the use of encrypted messaging apps after the Salt Typhoon hack

US officials are urging Americans to use encrypted messaging apps to prevent their correspondence from falling into the hands of hackers.

NBC News reported the publication of the new guidelines on Tuesday. A senior FBI official and Jeff Greene, deputy director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, made the recommendation during a news conference on Tuesday.

The guide follows the discovery of a large-scale cyberattack campaign against US telecommunications companies. Salt Typhoon, a Chinese state-backed hacking group, has compromised the networks of AT&T Inc., Verizon Communications Inc. and Lumen Technologies Inc. T-Mobile US Inc. said the hackers did not access its infrastructure but rather compromised a link that connected its systems to another provider’s network.

Greene said during the news conference that officials had not yet grasped the full extent of the breach. Additionally, it is believed that the hackers still have access to some compromised systems.

“Our suggestion that we’ve shared with people internally is not new here: Encryption is your friend, whether it’s text messages or whether you have the ability to use encrypted voice communications,” Greene said. “Even if the adversary were able to intercept the data, it would be impossible to encrypt it if it were encrypted.”

Many encrypted communication apps protect user correspondence with so-called E2EE or end-to-end encryption. Typically, messages are encrypted in such a way that the developer of a communication app can theoretically read their contents. E2EEE encrypts messages before they leave the user’s device, meaning not even the app developer can access them.

The technology protects messages even if the network over which they are sent is compromised by hackers. Since the correspondence enters the network encrypted, it can be intercepted but not read.

Salt typhoon allegedly During its hacking campaign against US wireless carriers, the company accessed three types of data.

First, the hackers eavesdropped on telephone conversations of a “small number of political or government-affiliated individuals.” They also collected metadata about people in the Washington, D.C. area, such as which numbers they dialed and when. Finally, Salt Typhoon is believed to have compromised systems that airlines use to process court orders from law enforcement agencies.

In addition to recommending the use of encrypted messaging apps, authorities also issued additional cybersecurity guidance on Tuesday. Consumers are recommended to implement multi-factor authentication and use mobile phones that automatically receive timely operating system updates. Separately, a group of government agencies has released guidance on how network operators can improve their cybersecurity.

Photo: Unsplash