What is the FBI text warning IPhone to android

IdrisSeabright wrote:

Forbes and a number of other outlets had articles about it today. However, when I go to the FBI's website, to CISA's website, I don't actually see any warning. More scaremongering, I guess.

You mean this?

https://www.cisa.gov/news-events/news/cisa-nsa-fbi-and-international-partners-publish-guide-protecting-communications-infrastructure

The warning is based on the fact that Chinese government hackers have gotten into AT&T’s and Verizon’s networks and can read texts in transit. They recommend WhatsApp, Telegram or Signal (the same services that the FBI and CIA want to have backdoors for their use).

“In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications.”

https://www.nbcnews.com/tech/security/us-officials-urge-americans-use-encrypted-apps-cyberattack-rcna182694

Quoting officials of Law Enforcement and Computer security agencies doesn’t seem like scaremongering.

lobsterghost1 wrote:

I read an article about this earlier. They are suggesting, not surprisingly, we use more secure means of communication, especially, if we are important figures. I'm not important enough for anyone to be bothered about anything I may write in a message. But by secure, they mean iMessage or using apps which use Two Factor Authentication to encrypt things we write.

Again, as someone who is certainly not important by any stretch of the imagination, I'm not going to be overly concerned here. I really only use iMessage and now RCS. I rarely communicate with anyone through WhatsApp or other social media options.

Anyone who manages to listen into my calls or read my text messages is not going to find much exciting. The most interesting text I've gotten lately was when my sister-in-law sent me my mother's Fudge Cookie recipe. I'm happy to share that.

IdrisSeabright wrote:

Forbes and a number of other outlets had articles about it today. However, when I go to the FBI's website, to CISA's website, I don't actually see any warning. More scaremongering, I guess.

I read an article about this earlier. They are suggesting, not surprisingly, we use more secure means of communication, especially, if we are important figures. I'm not important enough for anyone to be bothered about anything I may write in a message. But by secure, they mean iMessage or using apps which use Two Factor Authentication to encrypt things we write.

Again, as someone who is certainly not important by any stretch of the imagination, I'm not going to be overly concerned here. I really only use iMessage and now RCS. I rarely communicate with anyone through WhatsApp or other social media options.

Forbes and a number of other outlets had articles about it today. However, when I go to the FBI's website, to CISA's website, I don't actually see any warning. More scaremongering, I guess.

Lawrence Finch wrote:

IdrisSeabright wrote:

Forbes and a number of other outlets had articles about it today. However, when I go to the FBI's website, to CISA's website, I don't actually see any warning. More scaremongering, I guess.

You mean this?

https://www.cisa.gov/news-events/news/cisa-nsa-fbi-and-international-partners-publish-guide-protecting-communications-infrastructure

The warning is based on the fact that Chinese government hackers have gotten into AT&T’s and Verizon’s networks and can read texts in transit. They recommend WhatsApp, Telegram or Signal (the same services that the FBI and CIA want to have backdoors for their use).

I tried to read it all. I must have missed the recommendation to use WhatsApp, Telegram or Signal?

Here is some recent background on the topic and the concerns around US DoD, this from Senator Wyden:

https://www.documentcloud.org/documents/25444522-wyden-schmitt-dod-oig-letter-on-communications-security-plus-attachments/?mode=document

If your communications security and account security wasn’t good before (SMS wasn’t), there’s no time like the present to update it.

Some general suggestions: Better Securing Your Data, and Apple Account - Apple Community

IdrisSeabright wrote:

lobsterghost1 wrote:

I read an article about this earlier. They are suggesting, not surprisingly, we use more secure means of communication, especially, if we are important figures. I'm not important enough for anyone to be bothered about anything I may write in a message. But by secure, they mean iMessage or using apps which use Two Factor Authentication to encrypt things we write.

Again, as someone who is certainly not important by any stretch of the imagination, I'm not going to be overly concerned here. I really only use iMessage and now RCS. I rarely communicate with anyone through WhatsApp or other social media options.

Anyone who manages to listen into my calls or read my text messages is not going to find much exciting. The most interesting text I've gotten lately was when my sister-in-law sent me my mother's Fudge Cookie recipe. I'm happy to share that.

Same. If they want to know what time I'm coming home or that we need milk, butter or eggs, they can knock themselves out!

PBS News (December 4, 2004) – At least 8 U.S. telecom firms were hit by China’s hacking campaign, White House says

The hack gave the Chinese government access to both text messages and telephone conversations, but likely was targeted at "senior government officials and prominent political figures."

If this hit the computers belonging to the phone companies, it might have compromised any sort of call or message that wasn't encrypted end-to-end. Phone calls and SMS/MMS messages are not encrypted end-to-end; it's merely difficult for "mere mortals" to intercept them.

Johnathan Burger wrote:

“In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications.”

https://www.nbcnews.com/tech/security/us-officials-urge-americans-use-encrypted-apps-cyberattack-rcna182694

Quoting officials of Law Enforcement and Computer security agencies doesn’t seem like scaremongering.

Of course, if you were traveling in a place like China or North Korea or Russia, and were "of interest" to the secret police or spy agencies, you'd do well to keep this in mind:

XKCD – Security

The communications backdoor implemented for law enforcement lawful interception was reported compromised, and the decades of efforts by US law enforcement to weaken or backdoor communications security have had the expected and near-inevitable results, yes.

The recent law enforcement recommendations around encryption are a substantial shift in longstanding efforts.

SMS has long been known weak and subject to exploits, with a major breach happening back in 2017. The carrier O2-Telefonica was compromised, a compromise which was then used to access German bank accounts per reports in Süddeutsche Zeitung at the time.

Here’s a warning of this mess from 2017: https://www.wyden.senate.gov/imo/media/doc/2192_001.pdf

We’re still cleaning up from the export-grade encryption vulnerabilities and the various “crypto wars”, too.

But these are the laws of the US and other countries, so we deal with what we deal with.

More generally, SMS (and standard RCS) communications are less than secure, yes. So too can be some encrypted messaging services including Matrix apparently, the latter per Europol.

If your texts and call metadata are sensitive, yes, you’ll probably want to use different messaging paths.

Johnathan Burger wrote:

“In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications.”

https://www.nbcnews.com/tech/security/us-officials-urge-americans-use-encrypted-apps-cyberattack-rcna182694

Quoting officials of Law Enforcement and Computer security agencies doesn’t seem like scaremongering.

Quoting one person who will not be named and one person from another organization when neither actual organization had any warnings posted on their websites seemed a bit of scaremongering to me. Although numerous outlets have posted the article, it's essentially the same article, same wording and only minor variations.

As of yesterday (probably after I checked), CISA has some information about the communications intrusion. However, they still don't seem to be making suggestions about individuals and encryption. The information seems directed at network engineers.

As of this release date, identified exploitations or compromises associated with these threat actors’ activity align with existing weaknesses associated with victim infrastructure; no novel activity has been observed. Patching vulnerable devices and services, as well as generally securing environments, will reduce opportunities for intrusion and mitigate the actors’ activity.

https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure

I1i2 wrote:

I have seen warnings to NOT text between iPhone and android due to Chinese hack

No, you may have seen silly messages, but they are not from the FBI or any other reputable agency.

Scaremongering indeed.