A message from the FBI and the Cybersecurity and Infrastructure Security Agency: stop using traditional text messaging between iPhone and Android devices.1 Why? These communications lack the security features needed to protect against modern cyber threats.
This isn’t just a theoretical risk. The warning comes amidst revelations of ongoing cyberattacks by Salt Typhoon, a hacking group associated with China’s Ministry of Public Security. These attacks have exposed vulnerabilities in critical U.S. networks, making it clear that the stakes are higher than ever for securing our communications.
The Problem with Text Messaging
Text messaging is showing its age in the face of modern cyber threats. Here’s the issue: while platforms like iMessage and Google Messages offer end-to-end encryption (E2EE) for communications within their ecosystems, messages sent between iPhones and Androids are not secured in the same way.
This gap leaves your messages vulnerable to interception. Cybercriminals—or even nation-state actors—can exploit this weakness to steal sensitive information. It’s not just metadata like phone numbers and timestamps that can be exposed; in targeted cases, the contents of calls and texts can also be compromised, as has happened with individuals in government and political circles.
Why Encryption Matters
Encryption is like locking your message in a vault that only you and the recipient can open. Without it, your communications are essentially postcards that anyone along the delivery route can read. Fully encrypted apps like Signal and WhatsApp go a step further, ensuring that not even the service providers can see your messages.
Unfortunately, the promise of encryption hasn’t fully reached Rich Communication Services (RCS), the modern replacement for SMS. Despite its advanced features, RCS lacks encryption for cross-platform messaging, making it a poor choice for secure communications.
Key Takeaways from the FBI and CISA Warnings
1. Prioritize Security in Your Communication Tools – If you’re still using standard text messaging, consider opting for apps like Signal or WhatsApp. These platforms protect both messages and calls, even across different operating systems.
2. Update Your Devices Regularly – Cybersecurity isn’t just about the apps you use; it’s also about the devices you use them on. Make sure your phone’s operating system is up to date to protect against known vulnerabilities.
3. Use Strong Authentication Methods – The FBI specifically highlights the importance of phishing-resistant multi-factor authentication (MFA) for all your accounts. That way, even if your credentials are exposed, attackers can’t easily access your accounts.
4. Understand the Risks of RCS – It is being marketed as the future of messaging, but without full encryption, it’s far too risky. Until this gap is addressed, stick to proven secure platforms for all critical communications.
What Should Be Done?
The lack of cross-platform encryption in RCS is a systemic issue. Apple, Google, and other stakeholders should prioritize implementing encryption for RCS, using their resources and expertise to make secure communication accessible for everyone.
From a policy perspective, government agencies like the FBI and CISA can continue to raise awareness and push for stronger encryption standards. Their public advisories are an important first step, but broader advocacy and collaboration with the private sector will be necessary to drive meaningful change.
What Can You Do Right Now?
• Switch to Secure Apps: Install and use encrypted platforms like Signal or WhatsApp for all your messaging and calls.
• Educate Others: Share this information with friends, family, and colleagues.
• Be Proactive About Security: Keep your devices updated, use MFA wherever possible, and stay informed about potential vulnerabilities in the tools you use.
A Call to Action
This warning is a wake-up call for all of us. Cyber threats aren’t going away—they’re becoming more sophisticated and pervasive. While we can’t control the bad guys’ actions, we can control how we protect ourselves.
By adopting secure communication practices and advocating for better encryption standards, we can help ensure that our digital conversations remain private and protected. It’s a small step with a big impact, and it starts with each of us making smarter choices about how we connect.
For more information, read the original article here.
- Doffman, Zak. “FBI Warns iPhone and Android Users-Stop Sending Texts.” Forbes, Forbes Magazine, 5 Dec. 2024, www.forbes.com/sites/zakdoffman/2024/12/05/fbi-warns-iphone-and-android-users-stop-sending-texts/. ↩︎