Why the FBI Wants You to Stop Sending Texts
The FBI has issued a warning to Americans to stop using unencrypted text messaging and switch to apps with end-to-end encryption. This comes in the wake of one of the largest cyberespionage campaigns in U.S. history, known as "Salt Typhoon," a Chinese hacking operation targeting telecommunications networks. Here's what you need to know about the risks and how to protect yourself.
What Is Salt Typhoon?
Salt Typhoon is the name of a massive hacking campaign linked to China's Ministry of Public Security. The operation has infiltrated major U.S. telecommunications companies, including AT&T®, Verizon®, and Lumen Technologies®. The hackers accessed sensitive data like call metadata, live phone conversations of specific targets, and systems used under the Communications Assistance for Law Enforcement Act (CALEA). These systems can include classified court orders, although the FBI has not confirmed whether classified material was accessed.
The campaign was first disclosed in the lead-up to the U.S. elections but is currently believed to be surveillance rather than election interference. While the attack continues, officials have not provided a timeline for when telecom networks will be fully secure again.
Hackers focused on Washington, D.C.-area communications and targeted individuals involved in government and politics. Despite this, the FBI does not plan to notify those whose metadata was compromised, adding to concerns about the attack's scope.
Why Regular Text Messaging Isn't Safe
When you send a standard SMS or even use basic Rich Communication Services (RCS) messaging, your communication is not encrypted. This means that hackers, governments, or anyone with the right tools can potentially intercept and read your messages.
Encryption protects your data by converting it into a coded format that only the intended recipient can decrypt. Without it, private information — whether it's a personal text or sensitive business detail — is vulnerable.
ESET cybersecurity expert Jake Moore emphasized that "any non-encrypted forms of communication can be surveilled," as reported by Forbes, a fact that underscores the risks of using outdated messaging systems like SMS.
What the FBI and CISA Recommend
The FBI and CISA are clear in their advice: use encrypted apps for all your communications, including text messaging and voice calls. Here's what they suggest:
- Choose encrypted apps: Apps like Signal® and WhatsApp® offer end-to-end encryption by default. Google Messages® and Apple's iMessage® also provide encryption but only when communicating within their respective ecosystems (Android® to Android or iPhone® to iPhone).
- Keep your phone updated: Regular operating system updates ensure your device has the latest security protections.
- Enable phishing-resistant multi-factor authentication: Adding another layer of security to your email and social media accounts makes them harder to hack.
As Jeff Greene of CISA put it, "Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," as reported by Forbes.
How to Choose the Right Messaging App
Not all messaging platforms are created equal. Here's a quick rundown of options to help you make an informed choice:
- Signal: Widely regarded as the most secure messaging app, Signal offers robust encryption for both texts and calls.
- WhatsApp: While owned by Meta, WhatsApp provides reliable end-to-end encryption and supports cross-platform communication.
- Google Messages and iMessage: These apps are encrypted, but only when communicating within their respective ecosystems (Android to Android or iPhone to iPhone).
Experts caution against using SMS or non-encrypted RCS for private conversations, as these platforms lack adequate security measures. Until RCS adds cross-platform encryption, it's best to avoid it for sensitive communication. Signal and WhatsApp also offer fully encrypted voice and video calls, making them safer alternatives for secure calls.
The Stakes Are High
The Salt Typhoon attack has exposed glaring vulnerabilities in U.S. telecommunications systems, raising concerns about national security and privacy. Hackers gained access to systems designed to comply with the Communications Assistance for Law Enforcement Act (CALEA), which ironically allowed them to intercept sensitive information.
While the FBI historically opposed encryption that blocks lawful access to digital data, the agency now acknowledges the necessity of strong encryption to safeguard against advanced cyber threats.
The Bottom Line
The risks of using unencrypted communication have never been greater. Cybersecurity experts agree that switching to encrypted messaging apps is a simple but effective way to protect your data.
As Jake Moore put it, "Encrypted channels offer privacy and security ... but it's about choices and understanding what level of security is right for individuals," as reported by Forbes. Whether you're discussing personal matters or conducting business, encrypted messaging is the best way to ensure your privacy.
References: FBI Warns iPhone And Android Users—Stop Sending Texts | U.S. officials urge Americans to use encrypted apps amid unprecedented cyberattack
