Texts between Apple, Android are not secure; The FBI suggests encryption

On By Littum

Amid what they call a ‘massive’ campaign of ‘cyber espionage’ by Chinese hackers, officials are touting encryption for smartphone users sending text messages between Apple and Android devices.

game

Hackers may be after your text messages. Particularly vulnerable: texts between Android and Apple devices.

Three weeks ago, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) revealed it hackers associated with the People’s Republic of China had infiltrated the US telecommunications infrastructure as part of “a broad and significant cyberespionage campaign.”

Those targeted were “a limited number of individuals primarily involved in government or political activity,” the agencies said at the time. Customer call data and “certain information that was subject to requests by U.S. law enforcement pursuant to court orders” was stolen, the agencies said.

The hackers are apparently still at work, however, and cybersecurity officials said this week that they have been unable to kick them out of the networks of some telecom and Internet companies.

On top of that, officials at these agencies make a special point to remind smartphone users that text messages between Android devices and Apple devices are particularly vulnerable since they are not encrypted.

“Encryption is your friend, whether it’s on text messages or if you have the capacity to use encrypted voice communications, even if the adversary is able to intercept the data, if it’s encrypted, it will make it impossible, if not downright difficult. for them to detect it, so our advice is to try to avoid using plain text,” said Jeff Greene, CISA’s executive assistant director of cybersecurity, during a press briefing held Tuesday.

What is your password?: Here are the most common, many can be hacked in less than 1 second

Hackers have been able to steal a large amount of records, including information about where, when and with whom people communicated, but no audio or actual text messages, a senior FBI official said during the briefing. However, some in the Washington, DC area had audio and texts captured by the hackers, the official said.

Hackers still have access to the networks, officials said. And, Greene said, “We’re under no illusion that once we’re successful in evicting these actors, they won’t come back.”

Texting: What you need to know about security

Beyond seek help from private companies to assess the scope of the attacks, officials suggested that people concerned about the security of their messages should use encrypted messaging systems – think WhatsApp and Signal.

That’s because if you’re like most of us, some of our texting friends have Apple devices and some have Android devices. Messages sent between two Apple gadgets are encryptedlike messages sent between users by Google Messages. But those between Android and Apple devices are not.

Federal Communications Commission Chairwoman Jessica Rosenworcel on Thursday proposed the agency’s action to ensure that telecommunications companies must secure their networks.

“As technology continues to evolve, so do adversary capabilities, meaning the United States must adapt and strengthen our defenses,” Rosenworcel said in a press release.

Chinese hacking attack ‘absolutely astonishing’

The Director of National Intelligence Avril Haines, the National Security Council, Rosenworcel, the FBI and CISA held a closed-door briefing before the US Senate on Wednesday. Senators were updated on the long-running investigation into “threat actors” linked to China, including a hacking group known as Salt Typhoon, which has infiltrated several telecommunications and Internet companies, including “at least” eight U.S. carriers, including AT&T, Verizon and T -Mobile.

“The scope and depth and breadth of Chinese hacking is absolutely staggering — that we would allow as much as has happened in the last year is frightening,” said Senator Richard Blumenthal.

“This was part of a massive espionage campaign that affected dozens of countries,” the FCC said in a fact sheet.

Incoming FCC Chairman Brendan Carr said Wednesday that he will work “with national security agencies through the transition and next year in an effort to eradicate the threat and secure our networks.”

Rose roota Democrat appointed to chair the FCC by President Joe Biden, has announced she will leave the agency next month.

US companies respond to hacking attacks

Among the infiltrated companies, Verizon said “several weeks ago, we became aware of a highly sophisticated nation-state actor gaining access to the networks of several of the nation’s telecommunications companies, including Verizon,” adding that the incident focused on a very small subset of individuals in the government . and politics.

AT&T said it is “working in close coordination with federal law enforcement, industry peers and cybersecurity experts to identify and remediate any impact on our network.”

T-Mobile and Lumen (formerly known as CenturyLink) both said there was no evidence hackers gained access to customer data.

Chinese officials have previously described the claims as disinformation, saying Beijing “firmly opposes and fights cyber-attacks and cyber-theft in all forms.”

Featured: Reuters.

Follow Mike Snider on X and Threads: @mikesnider & mike carvers.

What is everyone talking about? Sign up for our trending newsletter to get today’s latest news