There’s a security risk between Androids and iPhones.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning to both Android and iPhone users, advising them to avoid sending unencrypted text messages to users on the opposite operating system following the Salt Typhoon cyberattack. This breach, attributed to Chinese actors, targeted several major U.S. telecom companies, allowing the hackers to gain access to sensitive information, including call records, live phone conversations of specific individuals, and systems used to track calls under court orders.
While the breach has not yet been fully addressed, officials are urging users to switch to encrypted messaging services to secure their communications. Both Apple and Google offer encryption for messages sent between devices on the same platform—iPhone-to-iPhone and Android-to-Android—but messages exchanged between different operating systems lack encryption. CISA’s Jeff Greene emphasized that encryption is crucial for protecting communication, whether through text messaging or voice calls, particularly in light of recent breaches.
Greene also noted that the scale of the telecom breach is significant, making it impossible to predict when the full resolution will occur. An FBI official, who requested anonymity, recommended that individuals looking to better secure their mobile communications consider using phones that receive regular operating system updates and employ strong encryption and phishing-resistant security measures, such as multi-factor authentication for online accounts.
On Wednesday, CISA, the FBI, the National Security Agency, and cybersecurity agencies from Australia, Canada, and New Zealand jointly issued a warning about the Salt Typhoon breach. They confirmed that threat actors affiliated with the People’s Republic of China had compromised telecom networks to carry out an extensive cyber espionage campaign.
