Jamie Spencer
Federal officials issued a stark warning Tuesday about an ongoing Chinese hacking campaign targeting American telecommunications companies. Dubbed “Salt Typhoon” by Microsoft, the operation highlights the vulnerabilities in telecom systems and the importance of encryption to secure communications from prying eyes.
The Role of Encryption in Protecting Communications
Encryption scrambles messages so they can only be read or heard by someone with the corresponding key to decrypt them. It has been widely adopted by app makers to protect user data from hackers and unauthorized surveillance. Though encryption has faced criticism from law enforcement, it remains one of the most reliable methods for ensuring private communication.
Why Hackers Target Telecom Infrastructure
Telecommunications companies often store call and SMS records temporarily, making them prime targets for hackers. While audio data isn’t typically recorded, hackers like those in the Salt Typhoon campaign can access vast amounts of metadata, including who called or texted whom and when. Targeting specific phone calls requires real-time interception, which is more complex.
Encrypted Messaging Apps: A Practical Solution
For everyday users, apps like Signal and WhatsApp offer robust end-to-end encryption, protecting messages and calls between users. With end-to-end encryption, only the intended recipient can decrypt the message; even the app’s operators cannot access the content. Signal’s encryption is widely regarded as among the best commercially available.
Both apps also allow users to make encrypted internet-based calls, providing additional layers of privacy.
Built-in Encryption for Text Messaging
Many Americans already benefit from encrypted texting without realizing it. iMessage and Google Messages automatically use end-to-end encryption for chats between users of the same app. However, cross-platform texting (e.g., between iMessage and Google Messages) relies on Rich Communications Services (RCS), which are encrypted but not end-to-end. This makes them more vulnerable to court orders or potential hacking.
For phone calls, Apple’s FaceTime and Google Fi offer internet-based encrypted calling, further enhancing security for users.
The Risks of Non-End-to-End Encryption
Apps like Telegram offer some encryption options, but they have limitations. Unlike Signal and WhatsApp, Telegram doesn’t encrypt conversations by default, and some of its code is not publicly accessible for testing. Cryptography experts remain cautious about endorsing the app for secure communications.
Why Encryption Matters
As threats like Salt Typhoon demonstrate, securing communication channels is critical to protecting sensitive information. End-to-end encryption offers a practical and widely available solution for individuals and organizations seeking to shield their messages and calls from hackers and surveillance.
