FBI urges iPhone and Android users to secure messages following cybersecurity concerns

The FBI has issued a stark warning to iPhone and Android users, urging them to stop sending unencrypted text messages in light of ongoing cybersecurity concerns. This comes as new regulations are being proposed and follows an increased push from US authorities for better encrypted communications.

As Apple’s recent adoption of Rich Communication Services (RCS) seemed to signal a new era for secure messaging between devices, a surprising new hurdle has emerged. While messages sent between Android-to-Android or iPhone-to-iPhone remain secure, the exchange between the two platforms is not fully encrypted.

This revelation comes amid rising concerns over cyberattacks, particularly by Chinese hackers targeting US networks. According to reports, these attacks are more extensive than previously understood. In response, the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) are urging Americans to use encrypted messaging services and secure phone calls whenever possible.

The attacks, attributed to Salt Typhoon, a group reportedly affiliated with China’s Ministry of Public Security, have raised alarms about vulnerabilities in critical US communication infrastructure. Without end-to-end encryption, there is always the risk of intercepted content, a reality that has driven tech giants such as Apple, Google, and Meta to advocate for encrypted communications, highlighting that even they cannot access user content.

A senior FBI official explained, “Within the investigative activity, especially one this significant and large, the facts will evolve over time… The continued investigation into the PRC targeting commercial telecom infrastructure has revealed a broad and significant cyber espionage campaign.” The official confirmed that Chinese-affiliated hackers had compromised the networks of multiple telecom companies to enable a range of cyber activities. The FBI investigation into these breaches began in late spring and early summer of this year.

The official further warned citizens to ensure their devices are regularly updated with the latest operating system patches, to use responsibly managed encryption, and to implement phishing-resistant multi-factor authentication (MFA) for email, social media, and collaboration accounts.