(NewsNation) — The FBI is warning Americans to stop relying on text messages for two-factor authentication in the wake of a major network hack that could expose unencrypted messages to cybercriminals.
Earlier this month, the FBI urged cell phone users to use encrypted messaging apps, like Signal or WhatsApp, to ensure their communications stay hidden from an alleged Chinese cyberattack. The warning came after hackers, believed to be linked to China, allegedly hacked AT&T, Verizon and Lumen Technologies to spy on customers.
On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) issued a new memo in response to the breach, advising against SMS for authentication codes, calling the method "not phishing-resistant," especially for high-profile targets.
Yashin Manraj, a coding and securities expert, told NewsNation that Americans need to be extra cautious when receiving text messages to ensure they aren't handing over sensitive information.
"In terms of texting, the biggest worry is not the two-factor, but the fact that people ... are clicking a lot of links. I think that's where 60 to 70% of the active successful hacks has been, is that people have been able to send phishing links that basically are able to divert your information, your bank information, or access to more critical infrastructure," he said.
CISA recommends more secure alternatives, such as authentication apps or FIDO authentication and passkeys, which are considered the most reliable methods for account verification.
Additionally, the agency advises using strong passwords, enabling PIN protection, keeping personal devices updated and using password managers.
The advisory follows reports of one of the largest intelligence breaches in U.S. history, allegedly conducted by Salt Typhoon, a Chinese government-linked hacking group. The breach has not yet been fully remediated.