Salt Typhoon: US cybersecurity watchdog urges switch to Signal-like messaging apps
Date:
Thu, 19 Dec 2024 17:15:53 +0000
FULL STORY ======================================================================
The US cybersecurity watchdog is urging citizens to use only secure
end-to-end encrypted messaging apps like Signal to secure mobile communications.
The Cybersecurity and Infrastructure Security Agency (CISA) shared a series
of best practices on Wednesday, December 18, 2024, in the wake of the Salt Typhoon attack. This "unprecedented cyberattack" is thought to be the
biggest intelligence compromise in US history, with at least eight US telecom companies hacked to spy on citizens.
While the latest CISA announcement is aimed at highly targeted individuals
who possess information of interest to Chinese hackers, everyone can benefit from these security tips. These tips include avoiding unsecured virtual
private network (VPN) apps.
Signal and more security tips
"Highly targeted individuals should assume that all communications between mobile devices, including government and personal devices, and internet
services are at risk of interception or manipulation," wrote the US cybersecurity watchdog.
With this in mind, the experts urge switching to Signal-like communications apps. These services encrypt all the data in transit to ensure your messages remain private between the sender and the receiver (end to end).
CISA recommends finding a service compatible with both Android and iPhone, allowing text message interoperability across platforms. These may also
include features like disappearing messages and images, which can enhance privacy even further.
Most importantly, "When selecting an end-to-end encrypted messaging app, evaluate the extent to which the app and associated services collect and
store metadata," said CISA.
Metadata refers to all the information that is not the content, such as IP address, timestamps, data file size, and more. Metadata collection, for instance, is one of the reasons why the likes of Signal or Session are considered more secure than WhatsApp.
CISA also suggests enabling phishing-resistant forms of two-factor authentication to ensure hackers cannot bypass this extra layer of
protection. Experts recommend enabling Fast Identity Online (FIDO), which includes biometrics (like fingerprints or facial recognition) and physical security keys.
As a rule of thumb, you should avoid using SMS as a second factor for authentication as it isn't phishing-resistant. "SMS messages are not encrypted; a threat actor with access to a telecommunication provider's
network who intercepts these messages can read them," explain the experts.
US citizens are also urged to use strong password manager tools to store all login details and find strong combinations. The likes of LastPass, Apple Passwords App, Google Password Manager, and Proton Pass are all free to use
and automatically alert on weak, reused, or leaked passwords.
Experts also recommend regularly updating devices' operating system software
to patch any vulnerabilities. They also advise against the use of unsecured commercial VPN services as "many free and commercial VPN providers have questionable security and privacy policies."
This is why it's important to choose the best VPN apps with a solid reputation, strict no-log policy, and strong security features, even better when independently audited.
======================================================================
Link to news story:
https://www.techradar.com/computing/cyber-security/salt-typhoon-us-cybersecurity-watchdog-urges-switch-to-signal-like-messaging-apps
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)