In response to what experts are calling the largest intelligence breach in US history, the Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent guidance for Americans to adopt secure end-to-end encrypted messaging apps like Signal for mobile communications.
The recommendations come after the devastating Salt Typhoon cyberattack, which successfully infiltrated at least eight US telecommunications companies to conduct widespread surveillance of citizens.
While CISA's advisory primarily targets individuals who possess sensitive information of interest to Chinese hackers, the security measures can benefit all users concerned about their digital privacy.
At the core of CISA's guidance is the recommendation to switch to messaging apps that provide end-to-end encryption, ensuring messages remain private between sender and receiver. The agency emphasizes selecting apps that work across both iPhone and Android devices while minimizing metadata collection - the supplementary information like IP addresses and timestamps that can reveal user patterns.
The advisory also warns against using SMS-based two-factor authentication, as text messages can be intercepted on compromised telecom networks. Instead, CISA recommends implementing phishing-resistant authentication methods like FIDO, which leverages biometrics or physical security keys.
Additional security measures outlined include:
- Using password manager tools to generate and store strong login credentials
- Regular device operating system updates to patch vulnerabilities
- Avoiding unsecured commercial VPN services, particularly free offerings with questionable privacy policies
"Highly targeted individuals should assume that all communications between mobile devices – including government and personal devices – and internet services are at risk of interception or manipulation," CISA stated in the advisory.
The guidance represents an unprecedented push by US cybersecurity officials to move citizens toward more secure communication methods in the wake of the Salt Typhoon breach. As investigations into the full scope of the attack continue, implementing these security practices could help protect against future surveillance attempts.