echo: politics
to: All
from: Mike Powell
date: 2024-12-20 09:37:00
subject: Salt Typhoon: US cybersec

Salt Typhoon: US cybersecurity watchdog urges switch to Signal-like messaging
apps

Date:
Thu, 19 Dec 2024 17:15:53 +0000

FULL STORY
======================================================================

The US cybersecurity watchdog is urging citizens to use only secure 
end-to-end encrypted messaging apps like Signal to secure mobile
communications. 

The Cybersecurity and Infrastructure Security Agency (CISA) shared a series 
of best practices on Wednesday, December 18, 2024, in the wake of the Salt
Typhoon attack. This "unprecedented cyberattack" is thought to be the
biggest intelligence compromise in US history, with at least eight US
telecom companies hacked to spy on citizens.

While the latest CISA announcement is aimed at highly targeted individuals 
who possess information of interest to Chinese hackers, everyone can benefit
from these security tips. These tips include avoiding unsecured virtual
private network (VPN) apps.

Signal and more security tips 

"Highly targeted individuals should assume that all communications between
mobile devices, including government and personal devices, and internet
services are at risk of interception or manipulation," wrote the US
cybersecurity watchdog. 

With this in mind, the experts urge switching to Signal-like communications
apps. These services encrypt all the data in transit to ensure your messages
remain private between the sender and the receiver (end to end). 

CISA recommends finding a service compatible with both Android and iPhone,
allowing text message interoperability across platforms. These may also
include features like disappearing messages and images, which can enhance
privacy even further. 

Most importantly, "When selecting an end-to-end encrypted messaging app,
evaluate the extent to which the app and associated services collect and 
store metadata," said CISA. 

Metadata refers to all the information that is not the content, such as IP
address, timestamps, data file size, and more. Metadata collection, for
instance, is one of the reasons why the likes of Signal or Session are
considered more secure than WhatsApp.

CISA also suggests enabling phishing-resistant forms of two-factor
authentication to ensure hackers cannot bypass this extra layer of 
protection. Experts recommend enabling Fast Identity Online (FIDO), which
includes biometrics (like fingerprints or facial recognition) and physical
security keys. 

As a rule of thumb, you should avoid using SMS as a second factor for
authentication as it isn't phishing-resistant. "SMS messages are not
encrypted - a threat actor with access to a telecommunication provider's
network who intercepts these messages can read them," explain the experts.

US citizens are also urged to use strong password manager tools to store all
login details and find strong combinations. The likes of LastPass, Apple
Passwords App, Google Password Manager, and Proton Pass are all free to use
and automatically alert on weak, reused, or leaked passwords. 

Experts also recommend regularly updating devices' operating system software
to patch any vulnerabilities. They also advise against the use of unsecured
commercial VPN services as "many free and commercial VPN providers have
questionable security and privacy policies." 

This is why it's important to choose the best VPN apps with a solid
reputation, strict no-log policy, and strong security features - even better
when independently audited.

======================================================================
Link to news story:
https://www.techradar.com/computing/cyber-security/salt-typhoon-us-cybersecurity-watchdog-urges-switch-to-signal-like-messaging-apps

$$
--- SBBSecho 3.20-Linux
                                                               
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

SOURCE: echomail via QWK@pharcyde.org
