X

iOS-Android Texting Is at Risk, as FBI Warns About Massive Cyberattack

You should be using an encrypted messaging app instead of texting between iPhones and Android phones, federal security agencies say.

Headshot of Omar Gallaga
Headshot of Omar Gallaga
Omar Gallaga
2 min read
iMessage logo on an iPhone

iOS and Android users are being encouraged not to message using RCS.

James Martin/CNET

If you've got an iPhone and you've been texting someone using an Android phone -- or vice versa -- the FBI and the US Cybersecurity and Infrastructure Security Agency are warning you to switch to a messaging app that uses end-to-end encryption immediately. It comes as a major cyberattack unfolds, with telecom companies including AT&T, Verizon and Lumen Technologies being hacked by China, according to the officials.

The US government is investigating the hacking, which the officials say has given access to private texts and phone conversations as well as metadata about calls, as reported by NBC News and other outlets

One type of mobile messaging that may be particularly vulnerable during the attack is RCS, a protocol that allows iPhone and Android users to message each other and is not encrypted. Instead, use an app like Apple Messages, Facebook Messenger, WhatsApp, Signal and Telegram, which all have end-to-end encryption.

The attack, an ongoing campaign dubbed Salt Typhoon, was the subject of a Senate hearing on Wednesday. It's unclear so far how widespread the attack has been. The agencies have been working with telecommunications companies to beef up security as Salt Typhoon continues.

"Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication," Jeff Greene, executive assistant director for cybersecurity at the CISA, told NBC. "Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible."