How to keep text messages secure
-
It's not often that a piece of FBI advice triggers a Snopes fact check. But the agency's urgent message this month to Americans, often summarized as "stop texting," surprised many consumers.
The warning from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) highlighted vulnerabilities in text messaging systems that millions of Americans use every day.
The U.S. believes hackers affiliated with China's government, dubbed Salt Typhoon, are waging a "broad and significant cyber-espionage campaign" to infiltrate commercial telecoms and steal users' data — and in isolated cases, to record phone calls, a senior FBI official who spoke to reporters on condition of anonymity said during a Dec. 3 briefing call.
The CISA released a list of best security practices for smartphone users on Thursday, with specific tips for iPhone and Android owners. The agencies' guidance may have surprised consumers — but not security experts.
"People have been talking about things like this for years in the computer security community," Jason Hong, a professor at Carnegie Mellon University's School of Computer Science, told NPR. "You should not rely on these kinds of unencrypted communications because of this exact reason: There could be snoopers in lots of infrastructure."
-
I was just talking about this with a colleague the other day -- not the article, but the point that texting is not secure. I always assume that anything we write could grow legs, for one thing, but also the point that we are probably far more vulnerable to having our phones hacked than people realize.
Most of the time I'm not writing anything of consequence, but it's good to be extra careful. And maybe switch to Whats App or Signal, esp. if I don't know the platform of the person on the other end....
Ok now lemme go read that article.
-
@ShiroKuro said in How to keep text messages secure:
Yikes! This is one big concern:
"hacker who has managed to get your ID and password for a website can monitor your text messages to intercept a one-time passcode that's used in two-factor authentication (2FA)."
For this, go to Passkey when you can.
There are still technical kinks to smooth out and it will take a while for more websites/web services to adopt Passkey but it's the most promising path to better cybersecurity protection for the masses that doesn't drive the casual users nuts.
