Today, CISA urged senior government and political officials to switch to end-to-end encrypted messaging apps like Signal following a wave of telecom breaches across dozens of countries, including eight carriers in the United States.
CISA and the FBI confirmed these breaches in late October after reports that the Salt Typhoon, a Chinese-backed threat group, had hacked multiple U.S. telcos, including T-Mobile, AT&T, Verizon, and Lumen Technologies. Although the timing of the breaches is unclear, the attackers reportedly had access for “months or longer.”
Also tracked as Ghost Emperor, Earth Estries, FamousSparrow, and UNC2286, Salt Typhoon has been active since at least 2019, breaching telecom companies and government entities across Southeast Asia.
While today’s guidance applies to highly targeted individuals likely possessing information of interest to the Chinese cyberspies, the measures can help anyone concerned about the telecom hacks protect their data and information from hackers who successfully breach their mobile carriers’ systems.
“Highly targeted individuals should assume that all communications between mobile devices—including government and personal devices—and internet services are at risk of interception or manipulation,” the U.S. cybersecurity agency said on Wednesday.
“CISA strongly urges highly targeted individuals to immediately review and apply the best practices provided in the guidance to protect mobile communications, including consistent use of end-to-end encryption.”
Signal recommended as secure messaging alternative
In today’s advisory, CISA advises switching to an end-to-end encrypted messaging application, specifically naming Signal as an alternative for mobile communication across multiple mobile (iOS, Android) and desktop (macOS, Windows, and Linux) platforms.
“Adopt a free messaging application for secure communications that guarantees end-to-end encryption, such as Signal or similar apps. CISA recommends an end-to-end encrypted messaging app that is compatible with both iPhone and Android operating systems, allowing for text message interoperability across platforms,” CISA said today.
It also recommends using Fast Identity Online (FIDO) phishing-resistant multifactor authentication (MFA) together with hardware-based FIDO security keys (e.g., Yubico or Google Titan) or passkeys to secure Microsoft, Apple, and Google accounts. Where possible, options like Google’s Advanced Protection (APP) program or Apple’s Lockdown Mode should also be enabled to defend against account hijacking and phishing attacks.
Additionally, CISA advises avoiding SMS-based MFA, using a password manager to store and protect passwords from attackers, and setting up a telco PIN or passcode for sensitive operations like porting your phone number and blocking SIM swapping attempts.
The cybersecurity agency also advocates for regularly updating software to patch recently disclosed security vulnerabilities, switching to the latest available hardware for critical security features that older devices cannot provide or support, and avoiding using a personal virtual private network (VPN), which might have “questionable security and privacy policies” and will increase the attack surface.
Two weeks ago, CISA and FBI officials urged Americans to use end-to-end encrypted messaging apps to minimize the risk of communications interception. They also released guidance to help telecom system admins and engineers harden their systems against Salt Typhoon attacks.