The FBI and Cybersecurity and Infrastructure Security Agency say that Americans should use encrypted apps such as iMessage and FaceTime to be safe from foreign hackers.
It’s an about-face for the FBI, which has for years demanded that Apple allow the agency unencrypted access to Messages. The new warning comes in the face of what it and the Cybersecurity and Infrastructure Security Agency (CISA) say is China’s ongoing Salt Typhoon hack.
“Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication,” Jeff Greene, executive assistant director for cybersecurity at the CISA, told NBC News in a press call. “Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.”
The FBI official on the call, who has asked to remain anonymous, also appeared to specifically recommend using iPhones.
“People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates,” said the official, “[as well as] responsibly managed encryption and phishing resistant multi-factor authentication for email, social media and collaboration tool accounts.”
The FBI and CSIA warning follows incidents such as the Salt Typhoon group reportedly gaining access to US law enforcement’s wiretap network. It’s suspected that the group also hacked the iPhones of US presidential campaign officials.
The size of the law enforcement tap in particular is so large that Greene said it was impossible “to predict a time frame on when we’ll have full eviction.”
Both Apple’s iMessages and Google Messages are end to end encrypted, as is FaceTime. However, old-style text messages are not.
RCS is encrypted in Google’s implementation, but Apple reportedly preferred to work with the GSMA to add encryption to the standard RCS. As of September 2024, however, Google and Apple were still working on the issue.
So it appears for now that using RCS to send messages between iPhones and Android is not encrypted. That also means that if any iMessage group has even one Android member in it, the group’s conversation can potentially be read.