A huge hack of U.S. phone companies means your text messages may not be safe

At least eight U.S. telecom firms and dozens of countries have been impacted this week by what a top White House official called a Chinese hacking campaign that has also raised concerns about the security of text messaging.

At a media briefing Wednesday, U.S. deputy national security adviser Anne Neuberger shared details about the breadth of a sprawling hacking campaign that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans.

A group of hackers known as Salt Typhoon is being blamed for the attack targeting companies, which reportedly included  AT&T, Verizon and Lumen Technologies. White House officials cautioned that the number of telecommunication firms and countries impacted could still grow.

Canadian cybersecurity experts paying close attention to this latest breach say some industry practices and government regulations that allow intelligence organizations access to the telecommunications system are part of the problem. These experts and U.S. law enforcement officials are recommending that people take action to protect their text messages.

"The attack that is unfolding in the United States is a reflection of historical and continuing vulnerabilities in telecommunication networks around the world, and some of those vulnerabilities are made worse by government," said Kate Robertson, a lawyer and senior researcher at the University of Toronto's Citizen Lab, which studies digital threats to civil society.

Though the hack apparently focused on American politicians and government officials, experts say regular SMS text messages, the kind most wireless carriers offer, aren't very secure because they're unencrypted.

"We are constantly bombarded with concerns about phishing and email scams and malicious links," said security consultant Andrew Kirsch, a former intelligence officer with the Canadian Security Intelligence Service (CSIS).

"This shines a light on the fact that the other vulnerability is through our telecommunications, phone calls and text messages."

Agency 'not aware' of Canadian networks impacted 

Communications Security Establishment Canada (CSE), which provides the federal government with information technology security and foreign signals intelligence, said in a statement on Saturday that at this time, it "is not aware of any Canadian networks impacted by this activity."

The agency went on to say that the Canadian Centre for Cyber Security, which is part of the CSE, "works closely with Canadian government partners and critical infrastructure providers to help them protect their networks and systems from cyber threats."



Comments

Post a Comment

Popular posts from this blog

July 2024 Patch Tuesday Unleashes a Torrent of Updates

to a pair of cowboy fighter pilots (ahem, naval aviators) in  Top Gun . Less well known, but still  Alive And Kicking  (like the song released the same year by Simple Minds), the TIFF image file format also was introduced that year by Aldus Corporation, now known as Adobe. This CVE addresses a critical, easily exploitable vulnerability specific to this 38-year-old file format. A specially-crafted, malicious TIFF file, uploaded to a vulnerable server, could have triggered the server that receives the file to execute malicious code embedded in the TIFF file. Patch your servers to take them out of the danger zone. CVE-2024-38032 – Microsoft Xbox Remote Code Execution Vulnerability Users of the Xbox gaming console who also happen to have a wireless adapter, and connect wirelessly to their local network, should beware of strangers lurking on their network who can attack these devices. The (so far) hypothetical threat is that someone who is connected to your wireless network ca...
Read more

CVE-2023-26369 Adobe acrobat update

Adobe's  Patch Tuesday update  for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020. Described as an out-of-bounds write, successful exploitation of the bug could lead to code execution by opening a specially crafted PDF document. Adobe did not disclose any additional details about the issue or the targeting involved. "Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader," the company  acknowledged  in an advisor CVE-2023-26369 affects the below versions - Acrobat DC (23.003.20284 and earlier versions) - Fixed in 23.006.20320 Acrobat Reader DC (23.003.20284 ...
Read more

US court holds Israeli spyware liable for hacking Meta’s WhatsApp

Image
Gujarat India NRI News Entertainment Sports Lifestyle & Fashion Health Business World Science & Technology VIDEO GUJARATI E-PAPER SEARCH Gujarat Samachar World US court holds Israeli spyware liable for hacking Meta’s WhatsApp Updated: Dec 22nd, 2024 A US court on Friday held in favour of tech giant WhatsApp in a lawsuit accusing Israel’s NSO Group Technologies Ltd of exploiting a bug in the messaging app to install spy software that allowed unauthorised surveillance. US District Judge Phyllis Hamilton in Oakland, California, granted a motion by WhatsApp and found NSO liable for hacking and breach of contract. According to the court document, “WhatsApp filed this lawsuit, alleging that defendants sent malware, using WhatsApp’s system, to approximately 1,400 mobile phones and devices designed to infect those devices to surveil the users of those phones and devices.”  The targets included journalists, human rights activists and dissidents. Among the 1,400 mobile phones th...
Read more