FBI Urges Encrypted Messaging After Chinese Hackers Breach U.S. Telecom Networks, Steal Metadata, and Target Private Calls

Sachin Gupta

Representative Image. Photo Source: Markus Spiske (Pexels)

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have urged Americans to use encrypted messaging and calls wherever possible, citing security vulnerabilities in communication networks amid an extensive Chinese hacking campaign.

The campaign, identified as “Salt Typhoon,” has infiltrated major telecommunications networks including AT&T, Verizon, and Lumen Technologies. T-Mobile reports it was targeted but largely rebuffed the attackers. The campaign, which officials say is “ongoing and likely larger in scale than previously understood,” has compromised private communications data and metadata.

“The actors compromised private communications of a limited number of individuals who are primarily involved in the government or political activities. This would have contained call and text contents,” a senior FBI official stated.

CISA Executive Assistant Director Jeff Greene emphasized the importance of encrypted communications, stating that encryption is crucial for both text messaging and voice communications. He explained that even if adversaries manage to intercept the data, encryption would render it unreadable, ensuring the security of the information.

The FBI advised individuals to use cell phones that automatically receive timely operating system updates, are equipped with responsibly managed encryption, and use phishing-resistant multifactor authentication (MFA) for email, social media, and collaboration tool accounts. This recommendation was made as part of efforts to enhance security amid rising cyber threats.


The Rich Communication Services (RCS) protocol, intended to replace traditional SMS, lacks end-to-end encryption for cross-platform messaging between iOS and Android devices. Samsung’s recent RCS implementation only secures Android-to-Android communications, leaving inter-platform messages vulnerable.

The telecom breach has exposed three primary types of information:

  • Call records and metadata, particularly around Washington, D.C.
  • Live phone calls of specific targets
  • Systems handling Communications Assistance for Law Enforcement Act (CALEA) compliance

Senator Ron Wyden (D-Ore.) criticized the current infrastructure: “Whether it’s AT&T, Verizon, or Microsoft and Google, when those companies are inevitably hacked, China and other adversaries can steal those communications.”

U.S. officials advocate for using end-to-end encrypted messaging apps:

  • Signal and WhatsApp: Provide automatic encryption for calls and messages
  • iMessage: Secure for iPhone-to-iPhone communications
  • Google Messages: Encrypted for Android-to-Android messaging

CISA officials stated it was “impossible to predict a time frame on when we’ll have full eviction” of the hackers from affected networks. The FBI characterizes this as a “cyberespionage campaign, not dissimilar to any other approaches,” focused on gathering intelligence rather than election interference.

While GSMA and Google have promised to add encryption to RCS, no definitive timeline exists. Apple’s iOS 18.2, due this month, will enable iPhone users to change their default messenger from iMessage, potentially affecting security choices for cross-platform communications.

The investigation continues as telecommunication companies work to secure their networks against ongoing threats. Officials emphasize the importance of encrypted communications as a primary defense against network vulnerabilities.
