Think twice before sending your next text message. Or better yet, make sure you are using an end-to-end encryption method.
Consumers regularly use different types of messaging technology from the biggest technology companies including Apple, Alphabet and Meta Platforms, including iMessage, Google Messages, WhatsApp and SMS, but the level of protection varies. Now, the U.S. government is expressing greater concern after a recent massive hack of the nation’s largest telecom companies.
Last month, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation revealed a campaign by hackers associated with China, Salt Typhoon, that compromised AT&T and Verizon, and others, and was one of the largest hacks of U.S. infrastructure in history. Following that warning, CISA, the National Security Agency, the FBI and international partners published a joint guide to help protect Americans. One suggestion is to use end-to-end encryption, a method that makes communications more secure.
End-to-end encryption helps ensure that only the intended recipients can read your messages as they travel between your phone and another person’s phone. Secure messaging apps use end-to-end encryption to protect communications from hackers, surveillance and unauthorized access, so even messaging app providers can’t read your messages.
“All things being equal, if you have the opportunity to use a platform that’s end-to-end encrypted, you should,” said Michael Hughes, chief business officer of Duality Technologies, which allows organizations to share and analyze sensitive data using encryption.
Many consumers don’t know their options for communicating securely over messaging apps. Here are the basics.
WhatsApp, Signal among best end-to-end options
Consumers use different messaging apps for various purposes, often without giving a second thought to security. However, there are notable differences among platforms that people need to be aware of.
From a security perspective, free messaging apps like Meta’s WhatsApp and Signal — whose co-founder was one of the creators of WhatsApp — are considered the best because end-to-end encryption is built in. That makes these apps highly preferable to SMS and MMS, two older methods of messaging that don’t offer end-to-end encryption, said Trevor Horwitz, founder of TrustNet, a cybersecurity and compliance services provider.
Even platforms considered the best for end-to-end encryption have downsides. Signal is a favorite among many privacy enthusiasts because its mission emphasizes not collecting or storing sensitive information. This can be especially compelling for people who are wary of WhatsApp’s parent Facebook and its privacy practices. The downside to Signal is it’s not as widely used as WhatsApp and if your contacts aren’t on it, you can’t communicate, said Roger Grimes, an analyst at KnowBe4, a security platform provider.
There are also paid messaging apps that are end-to-end encrypted, such as Threema. It’s privacy by design and no phone number or email address is required, but it costs a few dollars, and getting your friends and family to join when there are free options that are already popular might be a challenge.
Most people will use encryption “if it’s default and they don’t have the slightest inconvenience,” Grimes said.
RCS and iMessage
Many messaging platforms now use RCS, which stands for Rich Communication Services. It’s a successor to SMS and MMS that has enhanced features and also offers the ability for end-to-end encryption, though not by default on all devices. For example, RCS messages using Google Messages are automatically upgraded to end-to-end encryption, but Apple’s implementation of RCS on iPhones is not end-to-end encrypted, Horwitz said.
For any Apple device user, the company’s proprietary iMessage app is end-to-end encrypted, but for users sending RCS messages through other text plans, such as a mobile carrier text option, end-to-end encryption isn’t offered. As Apple explains itself of sending messages through non-iMessage RCS options: “They’re not protected from a third-party reading them while they’re sent between devices.”
Additionally, not all devices are compatible with RCS and it’s not universally supported by carriers. Plus, there are compatibility issues between some iPhone and Android devices that are still being worked out, Horwitz said.
Facebook Messenger gaps in encryption
It’s even more complicated because technology companies have multiple messaging products and not every application from a particular provider supports end-to-end encryption in the same way. For example, Facebook Messenger offers end-to-end encrypted messages, but not in all cases. According to Facebook, some products don’t currently support end-to-end encryption, such as community chats for Facebook groups, chats with businesses or accounts using business messaging tools, Marketplace chats and others.
Consumers should try to dig deeper into the apps they are using to understand how end-to-end encryption works for a particular app, said Deirdre Connolly, cryptography standardization research engineer at SandboxAQ, an AI applications developer. This information is often available in the support or privacy section of a provider’s website. But even then, it can be hard to find and decipher. “You have to go into the fine print,” Connolly said.
Google vs. Apple
Google Messages is the default messaging app on many devices running the Android operating system and many people use it to communicate, but consumers need to understand that not all messages sent or received using the app are end-to-end encrypted. The app supports end-to-end encryption when messaging other users using Google Messages over RCS, according to the company. But messages aren’t end-to-end encrypted when communicating with an iPhone user, for example. Text messages appear dark blue in the RCS state and light blue in the SMS/MMS state. Users will also see a lock symbol when end-to-end encryption is active in a conversation.
In Apple’s case, communications between two iMessage users are end-to-end encrypted, but iMessage is an Apple-specific platform. That means, at present, communications between iMessage users and Android device users aren’t end-to-end encrypted. A green message bubble instead of a blue one indicates the message was sent using MMS/SMS instead of iMessage.
In fact, a Department of Justice antitrust case against Apple harps on the failure to offer end-to-end encryption outside its iOS messaging app as a monopoly concern.
Protocols are being developed to allow end-to-end encryption between different communication platforms using RCS, but that’s still a work in progress. “Work with key industry stakeholders is progressing well and we look forward to updating the market in the coming months,” said a spokesperson for GSMA, an industry organization spearheading this effort.
Phone settings and ongoing risk of hacks
One thing people should do is check the settings on their phones. Many consumers have older phones and those who don’t have auto updates enabled may miss critical security updates, which could include messaging apps that allow for end-for-end encryption, said Chris Henderson, senior director of threat operations at Huntress, a cybersecurity company. Also, with a new phone, settings on transferred apps might not migrate. If you have enabled end-to-end encryption for apps on your prior phone, it’s also a good idea to check that the settings are enabled on the new phone as well, Henderson said.
End-to-end encryption is not foolproof because hackers can intercept users’ communications in other ways, such as if the device itself is compromised, Horwitz said. For security purposes, it’s also important to keep your devices healthy by installing all software updates, avoiding sketchy downloads, and performing periodic reboots.
Even so, using end-to-end encryption is a good practice, when available. “Threat actors go where the masses go,” said Kory Daniels, global CISO for Trustwave, a cybersecurity and managed security services provider. “If the masses are still using unencrypted communication methods, [bad actors] will continue to exploit the opportunity until users begin to evolve their digital behaviors.”
An electric air taxi by Joby Aviation flies near the Downtown Manhattan Heliport in Manhattan, New York City, U.S., November 12, 2023.
Roselle Chen | Reuters
Air taxi maker Joby Aviation in a new lawsuit accused competitor Archer Aviation of using stolen information by a former employee to “one-up” a partnership deal with a real estate developer.
“This is corporate espionage, planned and premeditated,” Joby said in the lawsuit filed Wednesday in a California Superior Court in Santa Cruz, where the company is based.
Archer and Joby did not immediately respond to CNBC’s request for comment.
The lawsuit alleges that former U.S. state and local policy lead, George Kivork, downloaded dozens of files and sent some content to his personal email two days before he resigned in July to take a job at Archer, which had recruited him.
By August, Joby said a partner that worked with Kivork said it had been approached by Archer with a “more lucrative deal.” Joby alleges that the eVTOL rival’s understanding of “highly confidential” details helped it leverage negotiations.
Joby also said the developer attempted to terminate the agreement, citing a breach of confidentiality.
Read more CNBC tech news
Kivork refused to return the files when Joby approached him after conducting an investigation, according to the suit. The company also said Archer denied wrongdoing, and would not disclose how it learned about the terms of the agreement or provide results from an internal investigation it allegedly undertook.
The lawsuit comes during a busy period for electric vertical takeoff and landing (eVTOL) technology as companies race to gain Federal Aviation Administration certification to start flying commercially. ‘
Joby argued in the complaint that it’s “imperative” to protect Joby’s work “from this type of espionage” to promote the sector’s success and ensure fair competition.
Last week, Joby said it completed its first test flight for a hybrid aircraft it’s working on with defense contractor L3Harris. This month, Amazon-backed Beta Technologies, another electric flight company, also went public on the New York Stock Exchange.
Joby shares have more than doubled over the last year, while Archer is up about 68%.
In August 2023, Archer settled a previous legal dispute with Boeing-owned Wisk Aero over the alleged theft of trade secrets. As part of the deal, Archer agreed to use Wisk as its autonomous tech partner.
Every weekday, the CNBC Investing Club with Jim Cramer releases the Homestretch — an actionable afternoon update, just in time for the last hour of trading on Wall Street. Markets : There was an ugly reversal in the market Thursday. Stocks soared for most of the morning in reaction to Nvidia ‘s strong quarter, bullish outlook on AI spending, and pushback that customers weren’t generating a sufficient return on their investment. Nvidia shares climbed as high as $196 on Thursday — a roughly 5% gain — and its gravitational pull helped lift other technology and AI-adjacent industrial stocks. The market’s gains pushed the S & P 500 into positive territory for the week. However, around 11 a.m. ET, the market began to fall rapidly, with technology and industrial names leading the decline. Nvidia gave up all of its gains and dropped 2%. Bitcoin hit its lowest level since late April. Notable defensive stocks like consumer staples held onto their gains, though. That resilience reinforces our decision to diversify further, which we did earlier this week , by adding Procter & Gamble to the portfolio. The S & P 500’s decline has pushed the index back toward the lows of its recent downturn, marking a roughly 5% pullback from its high. It remains to be seen whether Thursday’s reversal is a sign of investors continuing to retreat from risk assets or simply a retest of the recent downdraft. But Nvidia’s earnings report gave zero indication of a slowdown in demand for AI compute. Interest rate cut: Expectations for a 25-basis-point rate cut at the Federal Open Market Committee’s next meeting in December continue to fluctuate. One month ago, a rate cut seemed like a sure thing with a 98.8% probability, according to the CME FedWatch Tool . But the odds dropped to about 50% a week ago after a slew of hawkish commentary from Federal Reserve members. On Wednesday, the odds of a cut plummeted to 30% after the release of the October Fed minutes, which showed that the central bank was hesitant to lower rates again this year. But after the long-delayed September jobs data finally came out Thursday, the probability of a 25-basis-point reduction jumped to 40%. Although the economy added 119,000 jobs in September, more than double the forecasted figure, the unemployment rate ticked higher. The Fed is in a bind, trying to balance a softening labor market against the risk that a rate cut could reignite inflation. Up next: Gap, Ross Stores , Intuit , and Veeva Systems report after the closing bell. BJ’s Wholesale Club will post results Friday morning. On the economic data side, tomorrow we’ll get November’s S & P Global Flash PMI for Manufacturing and Services, along with the University of Michigan’s consumer sentiment survey. (See here for a full list of the stocks in Jim Cramer’s Charitable Trust.) As a subscriber to the CNBC Investing Club with Jim Cramer, you will receive a trade alert before Jim makes a trade. Jim waits 45 minutes after sending a trade alert before buying or selling a stock in his charitable trust’s portfolio. If Jim has talked about a stock on CNBC TV, he waits 72 hours after issuing the trade alert before executing the trade. THE ABOVE INVESTING CLUB INFORMATION IS SUBJECT TO OUR TERMS AND CONDITIONS AND PRIVACY POLICY , TOGETHER WITH OUR DISCLAIMER . NO FIDUCIARY OBLIGATION OR DUTY EXISTS, OR IS CREATED, BY VIRTUE OF YOUR RECEIPT OF ANY INFORMATION PROVIDED IN CONNECTION WITH THE INVESTING CLUB. NO SPECIFIC OUTCOME OR PROFIT IS GUARANTEED.
Bitcoin dropped on Thursday to levels not seen in more than six months, as investors appeared to pull back exposure to riskier assets and weighed the prospects of another Federal Reserve rate cut next month.
The flagship digital currency fell to as low as $86,325.81, its lowest level since April 21. It last traded at $86,690.11.
The release of stronger-than-expected U.S. jobs data raised questions about whether the central bank would lower its benchmark overnight rate. The U.S. economy added 119,000 in September, well above the 50,000 economists polled by Dow Jones expected.
That report sent the probability of a December rate cut to around 40%, according to the CME Group’s FedWatch tool.
Bitcoin’s pullback formed part of a broader cryptocurrency market decline. XRP was last down 2.3% on the day, and is below $2.00, while ether shed more than 3% to trade well below $3,000. Dogecoin was unchanged.
The world’s oldest crypto also led stocks lower, even after a blockbuster Nvidia earnings report. Traders who are heavily invested in AI-related stocks tend to also hold bitcoin, linking the two trades.
Bitcoin’s price has largely slid since a rash of cascading liquidations of highly leveraged crypto positions in early October.
