FBI, CISA urge Americans to use secure messaging apps in wake of massive cyberattack

Have you been using the new RCS format to send texts between an iPhone and an Android phone? If so, you could be exposing your messages to snooping by foreign hackers.

In a news call with reporters on Tuesday, US government officials revealed that China had hacked AT&T, Verizon, and Lumen Technologies to spy on customers, as covered by NBC News. As a result, the officials are urging Americans to use secure and encrypted messaging apps and formats to prevent their private communications from being exposed.

Also: Why you should power off your phone once a week – according to the NSA

The two officials, one a senior person at the FBI who asked not to be named, and the other Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) said that the hacking campaign, dubbed Salt Typhoon by Microsoft, is one of the largest compromises in US history. The hackers have accessed call records, live phone calls of specific people, and even classified court orders, NBC News reported.

At this point, these attacks have yet to be fully rectified. In fact, the compromise was so large in scope that Greene said it was “impossible to predict a time frame on when we’ll have full eviction.” That means people in the US should be careful what apps and methods they use to communicate via text messaging, especially if the messages are of a sensitive or confidential nature.

Also: Why you don’t need to pay for antivirus software anymore

“Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication,” Greene said during the call. “Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.”

What does this mean for iPhone and Android users? iMessages exchanged between one iPhone and another are encrypted by default. Photos and other attachments are also encrypted. Texts sent from one Android phone to another using RCS via Google Messages also are encrypted. However, the news is not so good between iPhones and Android phones.

Messages exchanged between an iPhone and an Android device using SMS or RCS are not encrypted. Such encryption is in the works and hopefully will arrive before too long. Until then, however, any messages you send and receive between the two types of phones could be exposed to the kind of foreign snooping described by the FBI and CISA.

Also: Did you get paid through Venmo, CashApp, or PayPal in 2024? The IRS will know

Of course, you can also turn to third-party messaging software. Such apps as WhatsApp, Signal, and Telegram offer end-to-end encryption for all types of texts. Among these, WhatsApp is probably the most popular, at least outside the United States. But any of them can be useful if you need to send confidential or sensitive information in a text.

For more advice on secure text messaging, CISA offers a helpful online guide called “How to Communicate Securely on Your Mobile Device.”