FBI warns iPhone and Android users: Stop sending text messages

FBI warns iPhone and Android users: Stop sending text messages

Republished December 5 with additional comments from the FBI and reports on U.S. political pressure over the scale of these Chinese cyberattacks.

Timing is everything. Just when Apple’s launch of RCS seemed to signal a return to texting over WhatsApp’s unstoppable growth, a surprising new hurdle comes along to stop it. While sending Android-to-Android or iPhone-to-iPhone messages is safe, sending messages from one device to another is not.

Now even the FBI and CISA, the U.S. cyber defense agency, are warning Americans to responsibly use encrypted messages and phone calls wherever they can. The background is Chinese hacking of US networks, which is reportedly “ongoing and likely on a larger scale than previously thought.” Fully encrypted communications are the best defense against this compromise, and Americans are encouraged to use them whenever possible.

ForbesFBI Hacking Warning – Change Two Settings on Your iPhone

The network cyberattacks attributed to Salt Typhoon, a group linked to China’s Ministry of Public Security, have raised concerns about vulnerabilities in critical U.S. communications networks. The reality looks different. Without fully end-to-end encrypted messages and calls, this is the case always There is a possibility that content may be intercepted. This is why companies like Apple, Google and Meta encourage its use, emphasizing the fact that even they cannot see content.

According to a senior FBI official, “Facts will continue to evolve over time as part of investigative activity, particularly one so significant and extensive…The continuing investigations in the PRC targeting commercial telecommunications infrastructure have uncovered a comprehensive and significant cyber espionage campaign That campaign, he warned, “showed that cyber actors linked to the People’s Republic of China compromised the networks of several telecommunications companies to enable multiple activities,” and confirmed that “the FBI in late spring and began investigating these activities early this summer.”

The FBI official warned that citizens should “use a cell phone that automatically receives timely operating system updates, responsibly managed encryption and phishing-resistant MFA for email, social media and collaboration tool accounts.”

As reported by PoliticoCISA’s Jeff Greene added to this, urging Americans to: “Use your encrypted communications where you have them… we certainly need to do that and think about what it means in the long term in terms of how we secure our networks.” “

While what is known so far about the Salt Typhoon attacks, the FBI official warned that widespread call and text metadata was stolen in the attack, but extensive call and text content was not. But “the actors compromised the private communications of a limited number of individuals primarily involved in government or political activities.” This would have included call and text content.”

The scale of the hacking campaign and the impact on the US’s critical infrastructure and the security of its networks have created an unsurprising political storm. As reported by Reuters, “U.S. government authorities held a classified briefing for all senators on Wednesday about China’s alleged efforts, known as “Salt Typhoon,” to penetrate deep into American telecommunications companies and steal data about U.S. calls.” After the briefing, “U.S. senators promised action .”

Reuters also reported that “a Senate Commerce subcommittee will hold a hearing on Dec. 11 on Salt Typhoon and how “security threats pose risks to our communications networks, and will review best practices.” There is growing concern about the size and scope of reported Chinese hacking attacks on U.S. telecommunications networks and questions about when companies and the government can reassure Americans on the matter.”

During the original media briefing on Tuesday, CISA’s Greene reportedly suggested that “Americans should use encrypted apps for all their communications” (1,2). This means you no longer need to send SMS from iPhone to Android, although iMessages and Google Messages are fully encrypted on these platforms.

Greene added: “Our suggestion that we’ve been telling people internally is not new here: Encryption is your friend, whether it’s text messages or whether you have the ability to use encrypted voice communications.” Even if that If adversaries were able to intercept the data, encryption would be impossible if it were encrypted.”

An alert was released Tuesday about the ongoing telecommunications network hacks jointly issued by the FBI, CISA and NSA, as well as other Five Eyes agencies.

The lack of end-to-end encryption to protect cross-platform RCS, the successor to SMS, is a glaring omission. This was highlighted in Samsung’s recent celebratory PR note about the success of RCS, which included the caveat that only Android-to-Android messages are secured. It remains a great irony that while Google and Apple separately recommend Android and iPhone users to rely on end-to-end encryption, RCS is still missing and there is no timeline in sight for a solution.

Mobile standards setter GSMA and Google have announced that encryption will be introduced in RCS, but there is no set date yet. This assurance appeared to be in response to the backlash following Apple’s update with media attention on the security issue. Apple – whose iPhone ecosystem includes increasingly comprehensive encryption – has not commented.

These warnings have an ironic twist. As PC Mag commented: “This push to use end-to-end encryption is ironic, as the FBI has long complained that the same technology can hamper its investigations into criminals’ confiscated smartphones and online accounts.”

With this in mind, the FBI’s exact wording is critical, with an emphasis on responsible Encryption that has mostly been overlooked in reports. Responsible in this context means granting access to user data through lawful requests, including – potentially – content. While this may seem like subtlety, it is anything but subtle. This rules out many of the largest and most well-known messaging platforms such as WhatsApp and Signal, as they cannot provide access to content without compromising the endpoint (device), and access to the data occurs at one end of end-to-end encryption .

ForbesMicrosoft’s bad news for millions of Windows users – you are now in danger

However, I still advise using fully encrypted WhatsApp over RCS for all cross-platform messaging, at least until RCS adds its own full encryption between iPhones and Androids. Once you leave the walled gardens of Apple or Google, this security protection falls away. Since there are now many good, secured platforms available, it’s not worth taking the risk. The need for complete security has never been greater given the ongoing cyber threat landscape.

There are other fully encrypted platforms too – notably Signal, the best of them all, albeit with a much smaller install base. Even Facebook Messenger now fully encrypts messages, making sending standard SMS/RCS SMS even more of an outlier. Signal and WhatsApp also enable fully encrypted voice and video calls across platforms, so they should also be your default choices given this FBI/CISA warning.

Ironically, Apple’s iOS 18.2, releasing this month, will allow iPhone users to change the default messenger on their devices from iMessage. Timing is really everything.

Leave a Reply

Your email address will not be published. Required fields are marked *