FBI Warns iPhone and Android Users to Stop Texting
The FBI has warned Android users to refrain from texting iPhone users, and vice versa, in a statement following a report that revealed text data was easily hackable due to a lack of encryption.
To keep others from listening in on their discussions, the FBI is advising users to use safe, encrypted messaging and phone calls using apps like WhatsApp. The warning follows news that Chinese hackers named “Salt Typhoon” had gained access to many US networks, with the extent of the breach perhaps being more than first believed.
‘Salt Typhoon’ is the gang that has already targeted the metadata of many clients, including information like call and text recipients, dates, and hours. A senior FBI official stated that “the facts will evolve over time within the investigative activity, especially one this significant and this large.”
The ongoing probe into the PRC’s targeting of commercial telecom infrastructure has uncovered a large-scale and noteworthy cyber espionage operation.
FBI Warns iPhone and Android Users
In addition to stating that “the FBI began investigating this activity in late spring and early summer of this year,” he cautioned that this effort “identified that PRC affiliated cyber actors have compromised networks of multiple telecom companies to enable multiple activities.”
“Using a cell phone that automatically receives timely operating system updates, responsibly managed encryption, and phishing resistant MFA for email, social media, and collaboration tool accounts” is what the FBI official advised individuals to do.
Adding to this, Jeff Greene of CISA told Forbes, “We definitely need to do that, kind of look at what it means long-term, how we secure our networks.” He strongly encouraged Americans to “use your encrypted communications where you have it.”
According to the information available, the Salt Typhoon attacks did not steal extensive call and text content, but the FBI official cautioned that extensive call and text metadata was stolen. However, “a small number of people who are primarily involved in government or political activities had their private communications compromised by the actors.” This would have included text and phone contents.
Political upheaval is hardly surprising given the scope of the hacking campaign and the consequences for US critical infrastructure and network security.
Chinese Hacking Telecommunications Networks
China’s purported efforts, known as Salt Typhoon, to infiltrate American telecommunications companies and acquire data about U.S. calls were the subject of a classified briefing for all senators on Wednesday, according to Reuters. When the briefing was over, “US senators vow[ed] action.”
“A Senate Commerce subcommittee will hold a hearing on December 11 on Salt Typhoon and how security threats pose risks to our communications networks, and review best practices,” according to Reuters.
Concern over the extent and magnitude of the alleged Chinese hacking of American telecommunications networks is growing, as is uncertainty about when businesses and the government will be able to reassure citizens about the situation.
According to reports, CISA’s Greene recommended “that Americans should use encrypted apps for all their communications” during Tuesday’s initial media briefing (1,2). This means that even while iMessages and Google Messages are completely secured on those platforms, you should avoid sending messages from your iPhone to Android.
“Our recommendation, which we have discussed internally, is not new here: encryption is your friend, whether you’re using text messaging or have the ability to use encrypted voice communication,” Greene continued.
If the data is encrypted, the adversary cannot read it even if they are able to intercept it.
The FBI, CISA, NSA, and other Five Eyes organisations together issued a notice on Tuesday regarding the ongoing telco network breaches.
One obvious deficiency is the absence of end-to-end encryption to safeguard cross-platform RCS, SMS’s replacement. Samsung recently issued a press release celebrating the success of RCS, highlighting the fact that only texting between Android devices is safe.
End-to-end encryption for Android and iPhone
It remains a glaring irony that Google and Apple separately recommend end-to-end encryption for Android and iPhone users, yet it is still absent from RCS and has no estimated time of arrival.
Although there isn’t a specific date yet, Google and the GSMA, the mobile standard-setter, have stated that encryption will eventually be added to RCS.
With the media picking up on the security vulnerability after Apple’s upgrade, that assurance appeared to be a reaction to the criticism. Apple, the company behind the more fully encrypted iPhone environment, has refrained from commenting.
These warnings have an ironic twist. As PC Mag noted, “this push to use end-to-end encryption is ironic”: the FBI has long complained that the same technology can impede its investigations into seized devices and online accounts belonging to criminal suspects.
In light of this, the FBI’s exact language is crucial: it emphasises responsibly managed encryption, a qualifier that has otherwise received little attention in stories. In this context, “responsible” refers to granting access to user data, and possibly content, through legitimate requests.
FBI recommends WhatsApp
Although this might seem like a subtlety, it is not. It excludes many of the biggest and most well-known messaging systems, including WhatsApp and Signal, because they cannot grant access to any content without an endpoint (device) compromise, which would allow access to the data at one end of the end-to-end encryption.
However, until RCS adds its own full encryption across iPhones and Androids, I still advise using the fully encrypted WhatsApp over RCS for any cross-platform chat.
These security measures vanish as soon as you leave Google’s or Apple’s walled gardens. Now that there are so many excellent, secure platforms accessible, the risk is not worth it. Given the constantly changing world of cyber threats, complete security is more important than ever.
Other completely encrypted platforms exist as well; Signal is the greatest of them all, albeit its install base is far smaller. The fact that Facebook Messenger now completely encrypts messages further distinguishes ordinary SMS/RCS texting as an anomaly.
Given this FBI/CISA warning, Signal and WhatsApp should also be your first choices because they allow cross-platform, completely encrypted audio and video calls.
Ironically, iPhone owners will be able to switch from iMessage as the default messenger on their smartphones with Apple’s iOS 18.2, which is scheduled for release this month. It’s all about timing.