In a surprising twist, the FBI—alongside CISA—has suddenly warned iPhone and Android users to use encrypted messaging and calls where available. This follows an extensive US telco network hacking campaign attributed to China’s Salt Typhoon, with officials warning of “a broad and significant cyber espionage campaign.”

While a senior FBI official assures that although hackers “have stolen a large amount of records… about where, when and whom individuals were communicating with,” he assured that for most “these stolen records do not include voice or text content.” But the hackers did steal “call and text contents” from “a limited number of individuals.”

This seemed a surprising move from law enforcement, given past frustrations that end-to-end encryption left agencies in the dark, unable to access user content even if court-ordered. Even Apple, Google and Meta cannot access user content that’s end-to-end encrypted on their platforms. But the FBI actually referred to “responsibly managed encryption,” which implies some form of lawful access.

The key advice is simple. Don’t use basic network text messaging—including RCS, where those texts are not fully encrypted. This rules out Apple’s new RCS option for messaging Androids, albeit when messaging within iMessage (to other Apple users) or within Google Messages (to other Android users) is secure.

While messaging generated most of the headlines following the FBI and CISA warnings, it applies to calls as well. Most cellular calls are not fully encrypted and are at risk of interception whether lawful or otherwise. It’s network dependent. Using a platform like WhatsApp or Signal, or FaceTime on iPhones, resolves this. While such calling remains unusual in the US and most of Europe, travel around Asia or Africa and you’ll see many users default to secure calling given distrust of networks.

So, what do you do now? Fortunately, timing is everything here. And Apple is about to release iOS 18.2, which for the first time enables iPhone users to change their default messaging and calling apps. This means that when you click to call or message, it won’t be the standard Phone or iMessage app that opens.

As Apple explains, “in iOS and iPadOS 18.2 and later, a user may select an app other than the Messages app to send instant messages. The system launches the default messaging app to handle when a user taps an im: link from another app.” It has also told messaging platforms how to “prepare your app to be the default messaging app.”

You should change these two settings—calls and messages—as soon as iOS 18.2 is released and working as billed. My suggestion is to use WhatsApp for messaging and calling, albeit Signal or any other fully encrypted app will do the job. Those are two separate settings—one for messages and one for calls. You need to change both. The Default Apps menu option will be available in Settings after updating to iOS 18.2.

The FBI’s warning that substantial metadata was stolen in China’s hack of US networks is critical. That metadata means who you know, who you call, when you call them, and for how long, it’s the same metadata available to Meta and others, and can be provided to law enforcement on lawful request. It is not captured by some platforms, such as Signal, in the same way. That said, unless you’re in an especially sensitive or high-risk job or location, this is a much less serious risk than content.

Share.

Leave A Reply

Exit mobile version