Did FBI Announces Texting Between iPhone and Android Is Not Secure
In October 2024, the Wall Street Journal reported of a large cyberattack against U.S. telecommunications companies AT&T, Verizon and Lumen Technologies. The NSA’s director, Gen. Timothy Haugh, told NBC News that the hackers were supported by China, something the Chinese government denied.
On Dec. 3, 2024, the FBI, the NSA and the Cybersecurity and Infrastructure Security Agency released new guidelines for protecting communications infrastructure in the United States in the wake of the breach. In a news conference about the effects of the hack, CISA Executive Assistant Director for Cybersecurity Jeff Greene mentioned that anyone with an iPhone or Android should stop sending text messages because they were not secure. This claim was widely reported on, and many readers want to know about the recommendation.
The claim to stop sending text messages was mostly true. While iPhone to iPhone and Android to Android messages are secure, sending a message between the two platforms is not. However, the FBI’s definition of “text message” was significantly more strict than the general public’s, meaning that not all messages sent on a phone applied. The main cellphone operating systems, iOS and Android, each have secure messaging systems (iMessage and Google Messages, respectively) for sending messages to a device of the same type that sent it (iPhone to iPhone or Android to Android). The FBI’s advice recommends only that users do not send text messages from an iPhone to an Android or vice versa.
Instead of sending text messages, officials suggested using an app that provides “responsibly managed encryption.” Think of encryption as a lock that requires a key to open. The most secure type of encryption, called end-to-end encryption, means that the message is locked before it is sent and unlocked on the other end. The FBI has previously criticized end-to-end encryption because it can sometimes slow down the agency’s efforts to access information on locked devices. As such, it’s unclear exactly what “responsibly managed encryption” means.
The simplest solution is to use a messaging application with end-to-end encryption. Apple’s iMessage and Android’s Google Messages use end-to-end encryption when messaging users of the same platform, which is why iPhones can securely message other iPhones (the same applies to Androids). However, when an iPhone user wants to send a message to an Android user (or vice versa), the messages are encrypted using a different method, RCS, which is more vulnerable. For these cases, a third-party application with end-to-end encryption, such as WhatsApp or Signal, is the best choice. These apps also will encrypt any voice calls.
Several reports said the large hack was not fully resolved, and that it was likely an attempt to gain access to private communications from government officials. According to Politico, the hackers were able to find call records and text messages of several high-ranking government officials, who were notified their private communications had been compromised.