Salt Typhoon hack in US, FBI says to use encrypted apps

It’s a reversal for the FBI, which has demanded for years that Apple give the agency unencrypted access to messages. The new warning comes amid what they and the Cybersecurity and Infrastructure Security Agency (CISA) are calling China’s ongoing Salt Typhoon hack.

“Our suggestion that we’ve been telling people internally is not new here: Encryption is your friend whether you’re sending text messages or whether you have the ability to use encrypted voice communications,” says Jeff Greene, deputy director of cybersecurity at the CISA, tells NBC News in a press interview. “Even if the adversary were able to intercept the data, it would be impossible to encrypt it if it were encrypted.”

The FBI official involved in the call, who wished to remain anonymous, also appeared to specifically recommend the use of iPhones.

“People who want to further protect their mobile device communications would benefit from using a cell phone that automatically receives timely operating system updates,” the official said, “(as well as) responsibly managed encryption and phishing-resistant multi-factor authentication for Email and social networks. Media and collaboration tool accounts.

The warning from the FBI and CSIA follows incidents such as the Salt Typhoon group’s alleged access to the US law enforcement surveillance network. The group is also believed to have hacked the iPhones of US presidential campaign officials.

In particular, the scope of law enforcement is so large that Greene said it is impossible to “predict a time frame as to when we will conduct a full eviction.”

Both Apple’s iMessages and Google Messages are end-to-end encrypted, as is FaceTime. However, this is not the case with old-style text messages.

RCS is encrypted in Google’s implementation, but Apple reportedly preferred to work with the GSMA to add encryption to the standard RCS. However, as of September 2024, Google and Apple were still working on the problem.

So for now it appears that using RCS to send messages between iPhones and Android is not encrypted. This also means that if there is even one Android member in an iMessage group, the group’s conversation can potentially be read.