The scale of cyberattacks targeting US communication networks has prompted urgent warnings from federal agencies like the FBI and CISA. Amidst the growing threat, Americans are being strongly advised to prioritize encrypted messaging and voice communication. This development comes as reports confirm that Salt Typhoon, a hacking group linked to China’s Ministry of Public Security, has infiltrated US telecommunications infrastructure in a campaign larger than previously estimated.
During a media briefing, a senior FBI official emphasized the seriousness of the situation, stating, “The continued investigation into the PRC targeting commercial telecom infrastructure has revealed a broad and significant cyber espionage campaign.” The official also confirmed that the breaches compromised networks of multiple telecom companies, enabling malicious activities targeting individuals in government and political sectors.
This week on Ahead of the Threat, #FBI‘s Bryan Vorndran and Equifax’s Jamil Farshchi speak to Wendi Whitmore, senior vice president of Palo Alto Networks’ Unit 42, about #cyber threats and incident response, the cybercriminal business model, and more at https://t.co/Is20cdb9hR pic.twitter.com/QWFSeRJf2K
— FBI (@FBI) December 5, 2024
Salt Typhoon’s hacking campaign, which the FBI began investigating earlier this year, has exposed vulnerabilities in cross-platform communications, particularly between Android and iPhones.
While messaging within either ecosystem is secure, cross-platform exchanges lack full end-to-end encryption. This gap has drawn attention to the urgent need for responsible encryption practices to safeguard sensitive communications.
CISA’s Jeff Greene joined the conversation, urging Americans to adopt encrypted communication tools: “Our suggestion, what we have told folks internally, is not new here: encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.”
While iMessage and Google Messages offer encryption for intra-platform exchanges, the lack of a secured protocol for RCS (Rich Communication Services)—the SMS successor—remains a glaring issue.
Both Google and the GSMA have promised that encryption for RCS will be implemented but have yet to announce a firm timeline. The issue has gained traction following Apple’s recent updates and the wider adoption of RCS, which was seen as a step towards unifying communication standards across platforms.
Adding to the irony, the FBI has historically voiced concerns over encryption technology hindering criminal investigations. However, the agency now emphasizes “responsible encryption,” which would allow lawful access to data. Popular apps like WhatsApp and Signal, while offering robust encryption, fall outside this framework as they do not provide access to encrypted content without compromising the device endpoint.
Security experts continue to recommend fully encrypted messaging apps like Signal and WhatsApp for cross-platform communication. “That said, my advice remains to use the fully encrypted WhatsApp over RCS for any cross-platform messaging, at least until such a time as RCS adds its own full encryption between iPhones and Androids,” an expert suggested.
This advice comes as the Salt Typhoon cyberattacks raise alarms over the compromised private communications of individuals involved in political and governmental activities.
While metadata from widespread calls and texts was reportedly stolen, the hackers also accessed content from a limited number of targets. This development has led to classified briefings for US senators, with a Senate Commerce subcommittee scheduled to review the attacks and assess best practices for securing networks.
The implications of these breaches are significant. Without end-to-end encryption, cross-platform messaging remains vulnerable, leaving US communication networks exposed to potential espionage and data theft.
The adoption of fully encrypted messaging platforms like Signal and WhatsApp is being strongly recommended until RCS addresses its encryption shortcomings.
Apple’s upcoming iOS 18.2 update, which will allow users to change their default messaging app, underscores the growing importance of encrypted platforms in the face of mounting cyber threats. As Greene highlighted, “The need for encryption has never been greater, given the ongoing cyber threat landscape.”
