The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a stark warning to Americans, urging them to stop sending text messages between iPhones and Android devices and switch to fully encrypted messaging apps.
The advisory comes in the wake of large-scale cyberattacks attributed to Salt Typhoon, a hacking group associated with China’s Ministry of Public Security.
The group’s attacks on US telecommunications networks have raised concerns about vulnerabilities in critical communication systems.
“Use your encrypted communications where you have it,” said CISA’s Jeff Greene during a press briefing. He emphasised the importance of encryption as a frontline defence against cyber threats, noting that even intercepted data remains unreadable if encrypted.
Cross-platform texts at risk
While messages sent between iPhones via iMessage or between Android devices using Google Messages are encrypted, communication between the two platforms remains vulnerable. The lack of end-to-end encryption in Rich Communication Services (RCS), the successor to SMS, has become a critical issue, with no clear timeline for a fix.
Tech giants Google and Apple have acknowledged the gap. However, despite promises from Google and the mobile industry body GSMA to implement encryption for RCS, progress has been slow. Until then, security experts recommend avoiding standard text messaging for sensitive communication.
The rise of encrypted apps
With traditional texting deemed insecure, officials are encouraging the use of fully encrypted messaging apps like Signal, WhatsApp, and even Facebook Messenger. These platforms offer end-to-end encryption for both messages and voice calls, ensuring that communication remains private and secure across devices.
“Encryption is your friend,” Jeff Greene said. “Whether it’s for text messaging or voice communication, if the data is encrypted, it becomes nearly impossible for adversaries to access it.”
Broader implications
The warning underscores the growing cybersecurity risks posed by state-sponsored attacks. An alert issued by the FBI, CISA, NSA, and other Five Eyes intelligence partners highlighted the ongoing threat to U.S. networks and urged individuals and businesses to adopt stricter security measures.
Ironically, the timing of the advisory coincides with Apple’s upcoming iOS 18.2 update, which will allow users to change their default messaging app from iMessage, potentially making it easier for users to switch to more secure platforms.
Until encryption becomes standard for all text-based communication, experts advise using apps like Signal or WhatsApp as the default for cross-platform messaging to protect personal and sensitive information from cyber threats.