How the Chinese Telecom Hack Underscores the Importance of Encryption 

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are urging all Americans to use encrypted phone apps. The warning comes after the White House highlighted an unprecedented cyberattack on U.S. telecommunications giants like AT&T and Verizon, carried out by the cyber espionage group Salt Typhoon, backed by China.

The U.S. believes the hackers gained access to the communications of senior U.S. government officials and prominent political figures for months or longer through this breach.

CISA Releases Guidance for Communicating on Mobile Devices

On December 18, CISA released its Mobile Communications Best Practice Guidance, which noted that although it specifically addresses senior government officials and political figures, the guidance is relevant to all audiences.

“Even if you don’t think your texts are important, privacy is your right,” the National Cybersecurity Alliance stated. “Powerful nation-state actors share the data they steal with scammers. There are ways your unencrypted communication can be exploited to commit crimes against you.”

What Puts Your Calls and Texts at Risk

• SMS and regular calls lack security: Traditional SMS texts and most cellular calls are not encrypted, making them susceptible to legal or malicious interception.  
• iMessage and Google Messages don’t work well together. These apps support end-to-end encryption only when messaging users on the same platform. Messages sent from iPhone to Android or vice versa default to unencrypted SMS. You can tell when a text isn’t encrypted on iPhones because the bubble is green instead of blue.   
• Old cellular networks: Even with modern phones, your communications can still pass through insecure networks like 2G and 3G, increasing the interception risk. 

How to Secure Your Texts and Calls 

To stay ahead of threats like the Chinese Salt Typhoon attack:  

1. Use Encrypted Messaging Apps

   Apps like Signal and WhatsApp offer end-to-end encryption for messages and calls, making intercepted data unreadable.
   – iPhone Users: Stick to iMessage for other iPhone users (blue bubbles). Use Signal or WhatsApp for non-iPhone users. Avoid SMS (green bubbles).
   – Android Users: Enable encryption in Google Messages and disable RCS. 
   – Avoid SMS, MMS, and RCS for secure communication. Both Apple and Android users should avoid these standard text messaging options because they are not encrypted. 

2. Switch to Encrypted Calling Options

   Use apps like Signal or WhatsApp for VoIP-based encrypted voice calls. Apple users can rely on FaceTime for secure audio or video calls. 

3. Avoid Sharing Sensitive Information Over Unsecured Channels

   Refrain from sending sensitive data via SMS or regular phone calls. Opt for encrypted platforms or, for email, attach the information in an encrypted file and share the password securely.  

4. Keep Devices Updated

   Regularly update your device’s operating system and enable automatic updates to protect against vulnerabilities. 

5. Enable Multi-Factor Authentication (MFA)

   Use MFA, such as FaceID or fingerprint scans, for added account security. Learn more about Safeguarding Data with Two-Step Verification in this recent article. 

6. Secure Your Emails

   Most standard email services, such as Gmail and Outlook, are encrypted, but only on their network, such as when a Gmail user sends an email to another Gmail user. Instead, use encrypted apps or attach encrypted files to emails and share passwords via secure channels.