Chinese hackers have access to US telecom networks; end-to-end encryption touted as a practical privacy measure
From the Washington Post (archive link), we have new reports that Chinese hackers have been able to infiltrate US telecom networks, listen in on conversations in real-time, and read unencrypted text messages. In addition, "Hackers have acquired access to the system that logs U.S. law enforcement requests for criminal wiretaps, allowing the Chinese to know who is of interest to authorities."
Although federal law enforcement agencies have known for months, the issue could take some time to resolve, as a prime vector is the aging infrastructure US telecom companies understandably could not afford to secure.
The networks are still compromised, and booting the hackers out could involve physically replacing “literally thousands and thousands and thousands of pieces of equipment across the country,” specifically outdated routers and switches, Warner said.
China has active access to AT&T, Verizon, and T-Mobile networks and has previously been shown capable of reconfiguring switches to exfiltrate data.
What is the main line of defense against these efforts?
End-to-end encrypted communications such as those on the Signal platform are believed to be protected, officials said.
Remember:
- Signal uses end-to-end encryption (E2EE) by default, actively minimizes the data retained about users, offers sealed sender to further reduce metadata, and has usernames so that you do not have to give your phone number out.
- WhatsApp uses the Signal Protocol for E2EE by default. But owing to Meta's ownership, isn't as private as you might think.
- Telegram is not encrypted by default, and encrypted chats cannot be viewed on desktop as they can with the other apps.
- iMessage (iPhone blue bubbles) is E2EE, but you should definitely consider enabling Advanced Data Protection so that your synced messages and iCloud backups are encrypted and inaccessible from Apple's servers.
For further reading, check out this post from Tuta.