The FBI and CISA are urging Americans to use encrypted messaging and phone calls where possible, amidst ongoing Chinese hacking attacks targeting U.S. networks. The warnings come as a significant shift from the growing use of text messaging, highlighting that cross-platform communication does not offer the same level of security as messaging within the same platform. A senior FBI official expressed concerns about the vulnerabilities in critical U.S. communication networks, which have been exploited by Chinese-affiliated cyber actors in a broad cyber espionage campaign.
The campaign has compromised multiple telecom networks, exposing call and text metadata, although expansive call and text content were not stolen broadly. However, private communications of certain individuals involved in government or political activities were compromised. CISA’s Jeff Greene emphasized the need for strong encryption and urged Americans to utilize encrypted communication apps wherever available.
The lack of end-to-end encryption in SMS and RCS messaging is a glaring vulnerability that has been widely recognized.
FBI urges encrypted phone communication
The scale of the hacking campaign has spurred a political storm, with U.S. government agencies conducting classified briefings for senators and promising action on the security threats to communications networks.
The Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel is proposing that communications service providers be required to certify their plans to protect against cyberattacks annually. CISA Director Jen Easterly announced the launch of an independent review of the Chinese hacking campaign by the Cyber Safety Review Board (CSRB). The board aims to understand the scope and scale of the breach and provide recommendations to strengthen the security of telco networks.
The push for using end-to-end encryption has highlighted a longstanding tension between the need for secure communications and the ability of law enforcement to access data. The FBI’s emphasis on “responsible encryption” suggests a focus on maintaining data access through lawful requests, which may impact how encryption technologies are implemented by major messaging platforms. In conclusion, Americans are advised to adopt encrypted communication methods to safeguard their privacy and protect against ongoing cyber threats.
Lawmakers and agencies are working to address the vulnerabilities in communication networks and strike a balance between security and accessibility.
