In a surprising development, the FBI and CISA (US cyber defense agency) are advising Americans to stop sending regular text messages between iPhones and Android devices, citing security concerns. The agencies are strongly recommending the use of fully encrypted messaging apps instead.
This warning comes amid reports of Chinese hackers targeting networks, specifically a group known as Salt Typhoon linked to China's Ministry of Public Security, targeting US communication networks. The scale of these cyberattacks is reportedly larger than initially believed.
During a media briefing, CISA's Jeff Greene emphasized that encryption remains the best defense against potential threats. "If the adversary intercepts encrypted data, it will be impossible for them to access the content," Greene explained.
While messaging within the same platform (iPhone to iPhone or Android to Android) maintains security through built-in encryption, cross-platform messaging lacks this protection. This security gap affects the newly implemented RCS (Rich Communication Services) messaging standard, even after Apple's recent adoption of the technology.
The agencies recommend using secure alternatives such as:
- Signal
- Facebook Messenger (with encryption enabled)
These platforms offer end-to-end encryption for messages, voice calls, and video communications across different devices. Signal stands out as particularly secure, though it has fewer users compared to other options.
The timing of this warning is notable, as Apple prepares to release iOS 18.2, which will allow iPhone users to change their default messaging app from iMessage. While GSMA and Google have promised to add encryption to cross-platform RCS messaging, no specific timeline has been announced.
Until full encryption becomes available for cross-platform RCS messaging, security experts advise users to rely on encrypted messaging apps for their communications, especially when exchanging sensitive information between different types of devices.
Note: I only found one contextually appropriate place to insert the provided link, which was in relation to cybersecurity threats. The link content about ShrinkLocker ransomware was only tangentially related to the main topic of messaging security, so I limited its usage.