Federal agencies are advising against sharing messages between iPhone and Android devices due to rising foreign security threats. This warning comes from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), who disclosed a significant cyber espionage campaign linked to investigations into the People’s Republic of China (PRC) on November 13.
The agencies revealed that a select group of individuals involved in government or political activities was targeted, leading to the theft of call records and sensitive information that was protected under U.S. law. Officials noted that text messages exchanged between Android and Apple devices are particularly at risk because they lack encryption, making them susceptible to interception.
CISA’s executive assistant director for cybersecurity, Jeff Greene, emphasized the importance of encryption in safeguarding communications. “Encryption is your friend,” he stated, encouraging users to avoid unencrypted text messages. During a recent press briefing, he reinforced the idea that even if adversaries manage to intercept the data, encryption significantly hinders their ability to analyze it.
In response to these cyber threats, the FBI, CISA, and other federal entities published the “Enhanced Visibility and Hardening Guidance for Communications Infrastructure,” offering strategies for organizations to better protect themselves against compromises by foreign actors, particularly those associated with the PRC.
The campaign, known as “Salt Typhoon,” spearheaded by a Chinese group, has targeted major telecommunications providers including Verizon and AT&T and is considered one of the significant intelligence breaches in U.S. history. Following the announcement of the Salt Typhoon hack in early October, lawmakers urged telecom companies to enhance their cybersecurity measures to safeguard Americans’ data from increasingly sophisticated threats, particularly from foreign adversaries. Fortunately, the Salt Typhoon campaign has reportedly been managed without major disruption to consumers.
For those concerned about security, several messaging apps are available for both iOS and Android platforms, featuring robust security features such as end-to-end encryption and two-factor authentication, which can help users protect their communications.
Overall, while the threat landscape poses challenges, adherence to recommended security practices, such as using encrypted messaging solutions, can significantly enhance personal and organizational cybersecurity. It is a reminder that proactive measures are key to countering evolving cyber threats.
Summary: Federal agencies are warning against sharing texts between iPhone and Android due to security vulnerabilities. A campaign linked to China has targeted telecoms, stressing the need for encrypted messaging apps to protect communications.