The FBI has issued a warning highlighting cybersecurity risks associated with texting between Android and Apple devices. This vulnerability stems from differences in how these platforms handle communication protocols, making texts susceptible to interception. When sending texts between iPhones and Android devices, messages are not protected by end-to-end encryption, leaving them vulnerable to hacking.
Apple's iMessage between iPhone users, and Google Messages between Android users, also employ end-to-end encryption using Signal's protocol. However, the texts exchanged between iPhone and Android devices are not fully encrypted, leaving them vulnerable.
According to NBC News, a group of malicious actors, known as "Salt Typhoon" and believed to be based in China, recently infiltrated major US telecommunications companies, including AT&T, T-Mobile, and Verizon, to spy on customers. Deputy National Security Adviser Anne Neuberger revealed that the cyberattack's impact extends far beyond the US, affecting "dozens of countries around the world."
A senior official further revealed that the hackers had accessed a substantial amount of phone data belonging to American citizens. The primary objective of this breach was to identify potential targets for more sophisticated and invasive spying.
Here's what to do:
To enhance security, the FBI recommends using encrypted messaging platforms like Signal or WhatsApp, which provide end-to-end encryption, ensuring messages remain private. Notably, encryption is a technology that scrambles a message and requires a "key" to be able to see or hear it.
End-to-end encryption ensures that only the sender and recipient of a message hold the unique decryption key. This means that even the app's corporate owner and operator cannot access the encrypted message, even if compelled by a court order or in the event of a hack.
Google Messages and iMessage also offer end-to-end encryption, but only for messages sent between devices of the same operating system. Additionally, users are advised to avoid relying on default SMS or MMS services, as these lack adequate protection against interception.
"Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you can use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," Jeff Greene, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CSIA), told NBC News.
An anonymous FBI official recommended that individuals seeking enhanced communication security consider using cellphones that receive timely operating system updates, devices with responsibly managed encryption and accounts protected by phishing-resistant two-factor authentication.