The FBI and Cybersecurity and Infrastructure Security Agency say that Americans should use encrypted apps such as iMessage and FaceTime to be safe from foreign hackers.
It's an about-face for the FBI, which has for years demanded that Apple allow the agency unencrypted access to Messages. The new warning comes in the face of what it and the Cybersecurity and Infrastructure Security Agency (CISA) say is China's ongoing Salt Typhoon hack.
"Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication," Jeff Greene, executive assistant director for cybersecurity at the CISA, told NBC News in a press call. "Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible."
The FBI official on the call, who has asked to remain anonymous, also appeared to specifically recommend using iPhones.
"People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates," said the official, "[as well as] responsibly managed encryption and phishing resistant multi-factor authentication for email, social media and collaboration tool accounts."
The FBI and CISA warning follows incidents such as the Salt Typhoon group reportedly gaining access to US law enforcement's wiretap network. It's suspected that the group also hacked the iPhones of US presidential campaign officials.
The law enforcement tap in particular is so large that Greene said it was impossible "to predict a time frame on when we'll have full eviction."
Both Apple's iMessage and Google Messages are end-to-end encrypted, as is FaceTime. However, old-style text messages are not.
RCS is encrypted in Google's implementation, but Apple reportedly preferred to work with the GSMA to add encryption to the standard RCS. As of September 2024, however, Google and Apple were still working on the issue.
So it appears for now that RCS messages sent between iPhones and Android devices are not encrypted. That also means that if any iMessage group has even one Android member in it, the group's conversation can potentially be read.
11 Comments
It doesn't surprise me that campaign officials' iPhones were hacked. Government iPhones are required to be managed by DoD IT and Security systems and staff but we all know certain campaign people will use their own phones without any additional security measures. This was done so government security staff members could not track these phones. I haven't worked for a government agency for eleven years but when I did, only government configured iPhones were allowed to be used for unclassified and classified use. These were tightly configured, for the time, and regularly monitored. Of course, no political figure wants their phone monitored but that doesn't matter because these phones are government property, subject to government configuration and monitoring. Using a private phone to conduct government business is also illegal but that never stops certain government officials.
If the FBI is recommending iMessage and FaceTime then they are compromised. Look elsewhere.
This is the same FBI that wanted Apple to build in a backdoor?