The FBI has warned Americans that the ongoing state-sponsored Chinese hacking of U.S. telecommunications networks is much larger than previously understood.
As reported by Forbes, the government agency is now urging Americans to use encrypted messaging and phone calls instead of texting wherever possible.
While messages and calls between Android to Android or iPhone to iPhone are still likely secure, the communications between Android to iPhone are not due to the network attacks attributed to Salt Typhoon, a group associated with China’s Ministry of Public Security.
These attacks have highlighted the security vulnerabilities within U.S. communications networks, which have always had the potential to be intercepted since end-to-end encryption isn't used. Apple, Google and Meta also advise the use of such encryption which is why messaging services like WhatsApp have become increasingly popular in recent years. However, you should also take a look at the best WhatsApp alternatives before deciding on an encrypted messaging app for you and your family.
FBI officials have also stated that U.S. citizens should be using cell phones that automatically receive timely operating system updates, use responsibly managed encryption and phishing resistant multi-factor authentication for email, social media and their collaboration tools.
What we know about the Salt Typhoon attacks so far
FBI officials explain that though widespread call and text metadata was stolen in these attacks, expansive call and text content was not. The threat actors compromised the private communications of a limited number of individuals primarily involved in government or other political activities.
A senior FBI official has stated that the FBI began investigating the activity in late spring and early summer of this year and “identified that PRC affiliated cyber actors had compromised networks of multiple telecom companies to enable multiple activities” and the continued investigation revealed “a broad and significant cyber espionage campaign.”
Reuters has also reported that a Senate Commerce Subcommittee will hold a hearing on Dec.11th regarding Salt Typhoon and how security threats pose risks to U.S. communications networks as well as what best practices are.
How to stay safe
In order to stay safe from any fallout from Salt Typhoon, you should start by using one of the best encrypted messaging apps; WhatsApp, Signal and Telegram are all popular choices for their various features.
At the same time, you also want to make sure your phone’s operating system is updated frequently which means instead of waiting to install updates, you should do so as soon as they become available. Likewise, you also want to enable two-factor or multi-factor authentication whenever possible for all sensitive accounts including your email and any messaging apps you use.
Salt Typhoon is one of the largest cyberattacks of its kind and because of this, we'll likely be hearing more about these attacks themselves and how the U.S. government plans to shore up its defenses going forward. In the meantime, you just want to make sure that you are using encryption when possible and that you avoid having sensitive conversations via text message for the foreseeable future.
