FBI warns texts between Android and iPhone users pose cyber risk

Officials say the cyber breach is ongoing, and it may take time to fully root out the bad actors from telecom systems

The FBI and a leading federal cybersecurity agency are warning Android and iPhone users to stop sending unencrypted texts to users of the other operating system after the Salt Typhoon hack of several major U.S. telecommunications providers.

Officials with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are warning that the Salt Typhoon cyber breach, which was conducted by actors in China, targeted telecom firms. The hackers accessed call records, live phone calls of certain specific targets and systems companies use to handle court orders from law enforcement and intelligence agencies to track calls.

While the breach is yet to be remediated, officials are encouraging users to communicate using encrypted messaging systems. 

Apple's iPhone and Google's Android smartphones have encryption for iPhone-to-iPhone messaging and Android-to-Android messaging, respectively, but messages between Android and iPhone users aren't encrypted.

STARBUCKS GRAPPLING WITH HEADACHES AFTER SOFTWARE SUPPLIER HIT WITH RANSOMWARE ATTACK

Cyber security threat on phone

In this photo illustration, the cyber lock symbol is displayed on an Android mobile phone with hacker code in the background. (Photo Illustration by Omar Marques/SOPA Images/LightRocket via Getty Images / Getty Images)

"Our suggestion, what we have told folks internally, is not new here. Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication," Jeff Greene, executive assistant director for cybersecurity at CISA, told NBC News on a press call.

Greene added that the size of the breach of telecom systems is large enough that it's "impossible" for agencies "to predict a time frame on when we'll have full eviction," the outlet reported.

An FBI official who asked not to be named told NBC, "People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" security tools, like multifactor authentication for email, social media and other accounts.

VISA REPORT HIGHLIGHTS EMERGING SCAMS TARGETING CONSUMERS AND TRAVELERS

A businessman texts a cell phone

A businessman holding a cell phone (istock / iStock)

CISA, the FBI, the National Security Agency and cybersecurity agencies from Australia, Canada and New Zealand issued a warning Wednesday regarding the Salt Typhoon breach, saying that "People's Republic of China (PRC)-affiliated threat actors compromised the networks of major global telecommunications providers to conduct a broad and significant cyberespionage campaign."

GET FOX BUSINESS ON THE GO BY CLICKING HERE

The agencies released a guide for network engineers and other stewards of communications infrastructure to use best practices for hardening their networks against exploitation by PRC-affiliated and other malicious cyber actors. They added that the guide may also be relevant for "organizations with on-premises enterprise equipment."