The FBI and CISA (Cybersecurity and Infrastructure Security Agency) have issued a strong warning to iPhone and Android users about the growing risks of using standard text messaging, urging Americans to prioritize fully encrypted communication. This comes amid escalating cyberattacks attributed to “Salt Typhoon,” a Chinese-linked hacking group accused of breaching U.S. telecommunications networks.
The Vulnerability in Text Messaging
While Android-to-Android and iPhone-to-iPhone messages benefit from encryption, messages sent between the two platforms lack end-to-end encryption, leaving them vulnerable to interception. The FBI emphasizes the importance of using apps with robust encryption to secure text messages and calls.
“Encryption is your friend,” said Jeff Greene of CISA. “Even if the adversary intercepts the data, encryption ensures it remains inaccessible.”
The Threat: Chinese Cyberattacks
Salt Typhoon, a group tied to China’s Ministry of Public Security, has been linked to a large-scale cyber espionage campaign targeting U.S. telecom networks. The attacks have compromised sensitive data, including call and text metadata, and in some cases, private communications of individuals involved in government and political activities.
An FBI representative warned of the severity of the attacks, stating, “This campaign has revealed the compromise of multiple telecom companies, allowing the attackers to facilitate espionage activities on a significant scale.”
Steps to Protect Yourself
The FBI and CISA recommend the following measures to safeguard your communications:
- Use encrypted messaging apps like WhatsApp or Signal for text and voice communication.
- Ensure your device automatically receives timely software updates.
- Enable phishing-resistant multi-factor authentication (MFA) for all accounts.
These steps are crucial in light of the vulnerabilities in RCS (Rich Communication Services), the successor to SMS. While RCS provides encryption for Android-to-Android messaging, it lacks cross-platform encryption, leaving communication between iPhones and Androids unprotected.
Government and Industry Response
The ongoing cyberattacks have sparked political urgency. U.S. senators were briefed on the Salt Typhoon campaign, with a Senate Commerce subcommittee planning a hearing to address the security risks posed to telecommunications networks.
Despite assurances from GSMA and Google that RCS encryption is in development, no timeline has been set. Meanwhile, Apple has remained silent on plans to address cross-platform encryption.
Encrypted Apps Are the Best Defense
Until RCS achieves full end-to-end encryption, experts advise relying on established encrypted platforms such as Signal and WhatsApp. These apps offer not only encrypted messaging but also secure voice and video calls.
“There is no reason to risk your privacy,” the FBI emphasized. “With multiple secure options available, Americans should transition to encrypted communication to protect against growing cyber threats.”
