FBI suggests use of encrypted messaging apps while US faces huge cyberattack from China

Posted:
in iOS edited December 2024

The FBI and Cybersecurity and Infrastructure Security Agency say that Americans should use encrypted apps such as iMessage and FaceTime to be safe from foreign hackers.


Image credit: Elchinator on Pixabay



It's an about-face for the FBI, which has for years demanded that Apple allow the agency unencrypted access to Messages. The new warning comes in the face of what it and the Cybersecurity and Infrastructure Security Agency (CISA) say is China's ongoing Salt Typhoon hack.

"Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication," Jeff Greene, executive assistant director for cybersecurity at the CISA, told NBC News in a press call. "Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible."

The FBI official on the call, who has asked to remain anonymous, also appeared to specifically recommend using iPhones.

"People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates," said the official, "[as well as] responsibly managed encryption and phishing resistant multi-factor authentication for email, social media and collaboration tool accounts."

The FBI and CSIA warning follows incidents such as the Salt Typhoon group reportedly gaining access to US law enforcement's wiretap network. It's suspected that the group also hacked the iPhones of US presidential campaign officials.

The size of the law enforcement tap in particular is so large that Greene said it was impossible "to predict a time frame on when we'll have full eviction."

Both Apple's iMessages and Google Messages are end to end encrypted, as is FaceTime. However, old-style text messages are not.

RCS is encrypted in Google's implementation, but Apple reportedly preferred to work with the GSMA to add encryption to the standard RCS. As of September 2024, however, Google and Apple were still working on the issue.

So it appears for now that using RCS to send messages between iPhones and Android is not encrypted. That also means that if any iMessage group has even one Android member in it, the group's conversation can potentially be read.



Read on AppleInsider

«1

Comments

  • Reply 1 of 26
    rob53rob53 Posts: 3,323member
    It doesn't surprise me that campaign officials iPhones were hacked. Government iPhones are required to be managed by DoD IT and Security systems and staff but we all know certain campaign people will use their own phones without any additional security measures. This was done so government security staff members could not track these phones. I haven't worked for a government agency for eleven years but when I did, only government configured iPhones were allowed to be used for unclassified and classified use. These were tightly configured, for the time, and regularly monitored. Of course, no political figure wants their phone monitored but that doesn't matter because these phones are government property, subject to government configuration and monitoring. Using a private phone to conduct government business is also illegal but that never stops certain government officials.
    watto_cobra
  • Reply 2 of 26
    Drew.KocurDrew.Kocur Posts: 8unconfirmed, member
    If the FBI is recommending iMessage and FaceTime then they are compromised. Look elsewhere.
  • Reply 3 of 26
    DAalsethDAalseth Posts: 3,097member
    If the FBI is recommending iMessage and FaceTime then they are compromised. Look elsewhere.
    Which is exactly what Mole would say. 
    mike1jas99tdknoxwatto_cobra
  • Reply 4 of 26
    gatorguygatorguy Posts: 24,677member

    So it appears for now that using RCS to send messages between iPhones and Android is not encrypted. That also means that if any iMessage group has even one Android member in it, the group's conversation can potentially be read.

    The same is true for an Android owner. If just one iPhone user is part of the Google Messages conversation then the entire group may be compromised.

     This is the number one reason that Apple should be aggressively involved in closing up their end of RCS. It makes everyone's messaging vulnerable as long as they don't, even those messages between iPhone owners that can't be sent with iMessage for varying reasons.
    edited December 2024 muthuk_vanalingam
  • Reply 5 of 26
    IanSIanS Posts: 48member
    This is the same FBI that wanted Apple to build in a backdoor?
    lotonestdknoxdanoxwatto_cobra
  • Reply 6 of 26
    mike1mike1 Posts: 3,444member
    IanS said:
    This is the same FBI that wanted Apple to build in a backdoor?

    Ironic, isn't it.
    jas99lotonestdknoxwatto_cobra
  • Reply 7 of 26
    mike1 said:
    IanS said:
    This is the same FBI that wanted Apple to build in a backdoor?

    Ironic, isn't it.
    Like rain on your wedding day?
    appleinsideruserapple4thewinwatto_cobra
  • Reply 8 of 26
    danoxdanox Posts: 3,479member
    IanS said:
    This is the same FBI that wanted Apple to build in a backdoor?
    They still want that back door….
    watto_cobra
  • Reply 9 of 26
    danoxdanox Posts: 3,479member
    gatorguy said:

    So it appears for now that using RCS to send messages between iPhones and Android is not encrypted. That also means that if any iMessage group has even one Android member in it, the group's conversation can potentially be read.

    The same is true for an Android owner. If just one iPhone user is part of the Google Messages conversation then the entire group may be compromised.

     This is the number one reason that Apple should be aggressively involved in closing up their end of RCS. It makes everyone's messaging vulnerable as long as they don't, even those messages between iPhone owners that can't be sent with iMessage for varying reasons.
    ?????? :)
    watto_cobra
  • Reply 10 of 26
    Ah yes, recall when the same government was insisting that we have backdoors in all the encryption systems so they could break into our comms, but people said that would let bad people to break in as well.

    So now those same people are saying we all need to use safely encrypted channels because bad people are breaking into our comms.
    chasmwatto_cobra
  • Reply 11 of 26
    tdknox said:
    mike1 said:
    IanS said:
    This is the same FBI that wanted Apple to build in a backdoor?

    Ironic, isn't it.
    Like rain on your wedding day?

    It's a free ride when you've already paid
    apple4thewinwatto_cobra
  • Reply 12 of 26
    maltzmaltz Posts: 513member
    mike1 said:
    IanS said:
    This is the same FBI that wanted Apple to build in a backdoor?

    Ironic, isn't it.

    Perhaps even more than you realize... what they've hacked into (and are still in) is the backdoor built into the telephone system used for legal wiretaps.
    watto_cobra
  • Reply 13 of 26
    maltzmaltz Posts: 513member
    gatorguy said:

    So it appears for now that using RCS to send messages between iPhones and Android is not encrypted. That also means that if any iMessage group has even one Android member in it, the group's conversation can potentially be read.

    The same is true for an Android owner. If just one iPhone user is part of the Google Messages conversation then the entire group may be compromised.

     This is the number one reason that Apple should be aggressively involved in closing up their end of RCS. It makes everyone's messaging vulnerable as long as they don't, even those messages between iPhone owners that can't be sent with iMessage for varying reasons.

    According to the article, Apple *is* working on that - except they're doing it by getting it added to the RCS standard itself, rather than doing it through a proprietary add-on.
    beowulfschmidtchasmwatto_cobra
  • Reply 14 of 26
    gatorguygatorguy Posts: 24,677member
    maltz said:
    gatorguy said:

    So it appears for now that using RCS to send messages between iPhones and Android is not encrypted. That also means that if any iMessage group has even one Android member in it, the group's conversation can potentially be read.

    The same is true for an Android owner. If just one iPhone user is part of the Google Messages conversation then the entire group may be compromised.

     This is the number one reason that Apple should be aggressively involved in closing up their end of RCS. It makes everyone's messaging vulnerable as long as they don't, even those messages between iPhone owners that can't be sent with iMessage for varying reasons.

    According to the article, Apple *is* working on that - except they're doing it by getting it added to the RCS standard itself, rather than doing it through a proprietary add-on.
    The article does SAY they're working on it. ;) That doesn't mean they're dedicated to it.  IMO their heart isn't in it, and for marketing reasons.

    FWIW Google has already integrated what will become part of the RCS standard and actively working with the GSMA in making it compatible with iOS: MLS E2EE.  Apple will only need to use the most recent version instead of the very old and most basic one they currently employ in order for both Android and Apple users to have cross-platform RCS messaging encryption and security. 


  • Reply 15 of 26
    gatorguy said:

    So it appears for now that using RCS to send messages between iPhones and Android is not encrypted. That also means that if any iMessage group has even one Android member in it, the group's conversation can potentially be read.

    The same is true for an Android owner. If just one iPhone user is part of the Google Messages conversation then the entire group may be compromised.

     This is the number one reason that Apple should be aggressively involved in closing up their end of RCS. It makes everyone's messaging vulnerable as long as they don't, even those messages between iPhone owners that can't be sent with iMessage for varying reasons.
    The same can be said for people using Android phones that don’t support RCS. Google should be aggressively encouraging them to update to modern OS, it makes everyone’s messaging vulnerable as long as they aren’t. 

    Of course, iMessages have been encrypted from the start, so even if I send a iMessage to a person using an iPhone 4 it will be encrypted. 
    watto_cobra
  • Reply 16 of 26
    gatorguygatorguy Posts: 24,677member
    gatorguy said:

    So it appears for now that using RCS to send messages between iPhones and Android is not encrypted. That also means that if any iMessage group has even one Android member in it, the group's conversation can potentially be read.

    The same is true for an Android owner. If just one iPhone user is part of the Google Messages conversation then the entire group may be compromised.

     This is the number one reason that Apple should be aggressively involved in closing up their end of RCS. It makes everyone's messaging vulnerable as long as they don't, even those messages between iPhone owners that can't be sent with iMessage for varying reasons.
    The same can be said for people using Android phones that don’t support RCS. Google should be aggressively encouraging them to update to modern OS, it makes everyone’s messaging vulnerable as long as they aren’t. 

    Of course, iMessages have been encrypted from the start, so even if I send a iMessage to a person using an iPhone 4 it will be encrypted. 
    Recent data shows the percentage of Android users already actively using RCS messaging is estimated to be around 70-80% in regions with widespread carrier support. With Samsung now committed to using Google Messages with E2EE as well, those numbers will be going even higher. If someone has a fairly recent Android device, RCS is enabled by default. 
    edited December 2024
  • Reply 17 of 26
    gatorguy said:
    gatorguy said:

    So it appears for now that using RCS to send messages between iPhones and Android is not encrypted. That also means that if any iMessage group has even one Android member in it, the group's conversation can potentially be read.

    The same is true for an Android owner. If just one iPhone user is part of the Google Messages conversation then the entire group may be compromised.

     This is the number one reason that Apple should be aggressively involved in closing up their end of RCS. It makes everyone's messaging vulnerable as long as they don't, even those messages between iPhone owners that can't be sent with iMessage for varying reasons.
    The same can be said for people using Android phones that don’t support RCS. Google should be aggressively encouraging them to update to modern OS, it makes everyone’s messaging vulnerable as long as they aren’t. 

    Of course, iMessages have been encrypted from the start, so even if I send a iMessage to a person using an iPhone 4 it will be encrypted. 
    Recent data shows the percentage of Android users already actively using RCS messaging is estimated to be around 70-80% in regions with widespread carrier support. With Samsung now committed to using Google Messages with E2EE as well, those numbers will be going even higher. If someone has a fairly recent Android device, RCS is enabled by default. 
    Based on my contacts alone that seems reasonable. I’d say about 20% of my Android contacts don’t support RCS. Google clearly still has work to do there. On the other hand, 100% of my iPhone contacts support iMessage.
    watto_cobra
  • Reply 18 of 26
    gatorguygatorguy Posts: 24,677member
    gatorguy said:
    gatorguy said:

    So it appears for now that using RCS to send messages between iPhones and Android is not encrypted. That also means that if any iMessage group has even one Android member in it, the group's conversation can potentially be read.

    The same is true for an Android owner. If just one iPhone user is part of the Google Messages conversation then the entire group may be compromised.

     This is the number one reason that Apple should be aggressively involved in closing up their end of RCS. It makes everyone's messaging vulnerable as long as they don't, even those messages between iPhone owners that can't be sent with iMessage for varying reasons.
    The same can be said for people using Android phones that don’t support RCS. Google should be aggressively encouraging them to update to modern OS, it makes everyone’s messaging vulnerable as long as they aren’t. 

    Of course, iMessages have been encrypted from the start, so even if I send a iMessage to a person using an iPhone 4 it will be encrypted. 
    Recent data shows the percentage of Android users already actively using RCS messaging is estimated to be around 70-80% in regions with widespread carrier support. With Samsung now committed to using Google Messages with E2EE as well, those numbers will be going even higher. If someone has a fairly recent Android device, RCS is enabled by default. 
    Based on my contacts alone that seems reasonable. I’d say about 20% of my Android contacts don’t support RCS. Google clearly still has work to do there. On the other hand, 100% of my iPhone contacts support iMessage.
    It's doubtful that 100% of your contacts support iMessage. :)

    As long as every message is from a fellow iPhone owner and remains within iMessage, yup 100% support it. That's one of the things I like about my iPhone. But things are never constant, and like with iMessage, 100% of my Android contacts have RCS support with Google Messages, though there are some who choose to use other messaging apps instead, same as some iPhone owners who by choice don't use iMessage. 

    But I think you're missing the point entirely, just ignoring it.

    If every person you want to contact has only an iPhone then iMessage is all you need. I have both Android and iPhone owning friends, and I'd wager you do too. The only reason my conversations between all of us can't be private and secure is primarily Apple's fault. Were it not for lack of encryption we'd be good. Google Messages is not lacking in privacy, security and for the most part, features. 

    None of the Android phone owners you know will ever have iMessage, Apple won't allow it, so that's not an option for a huge percentage of smartphone users. But as soon as Apple catches up we can all communicate securely anyway, iMessage or not. 
    edited December 2024 muthuk_vanalingam
  • Reply 19 of 26
    dinkydogs said:
    tdknox said:
    mike1 said:
    IanS said:
    This is the same FBI that wanted Apple to build in a backdoor?

    Ironic, isn't it.
    Like rain on your wedding day?

    It's a free ride when you've already paid
    It’s the good advice that you just didn’t take
    watto_cobra
  • Reply 20 of 26
    gatorguy said:
    gatorguy said:
    gatorguy said:

    So it appears for now that using RCS to send messages between iPhones and Android is not encrypted. That also means that if any iMessage group has even one Android member in it, the group's conversation can potentially be read.

    The same is true for an Android owner. If just one iPhone user is part of the Google Messages conversation then the entire group may be compromised.

     This is the number one reason that Apple should be aggressively involved in closing up their end of RCS. It makes everyone's messaging vulnerable as long as they don't, even those messages between iPhone owners that can't be sent with iMessage for varying reasons.
    The same can be said for people using Android phones that don’t support RCS. Google should be aggressively encouraging them to update to modern OS, it makes everyone’s messaging vulnerable as long as they aren’t. 

    Of course, iMessages have been encrypted from the start, so even if I send a iMessage to a person using an iPhone 4 it will be encrypted. 
    Recent data shows the percentage of Android users already actively using RCS messaging is estimated to be around 70-80% in regions with widespread carrier support. With Samsung now committed to using Google Messages with E2EE as well, those numbers will be going even higher. If someone has a fairly recent Android device, RCS is enabled by default. 
    Based on my contacts alone that seems reasonable. I’d say about 20% of my Android contacts don’t support RCS. Google clearly still has work to do there. On the other hand, 100% of my iPhone contacts support iMessage.
    It's doubtful that 100% of your contacts support iMessage. :)

    As long as every message is from a fellow iPhone owner and remains within iMessage, yup 100% support it. That's one of the things I like about my iPhone. But things are never constant, and like with iMessage, 100% of my Android contacts have RCS support with Google Messages, though there are some who choose to use other messaging apps instead, same as some iPhone owners who by choice don't use iMessage. 

    But I think you're missing the point entirely, just ignoring it.

    If every person you want to contact has only an iPhone then iMessage is all you need. I have both Android and iPhone owning friends, and I'd wager you do too. The only reason my conversations between all of us can't be private and secure is primarily Apple's fault. Were it not for lack of encryption we'd be good. Google Messages is not lacking in privacy, security and for the most part, features. 

    None of the Android phone owners you know will ever have iMessage, Apple won't allow it, so that's not an option for a huge percentage of smartphone users. But as soon as Apple catches up we can all communicate securely anyway, iMessage or not. 
    Just to be clear, I said 100% of my iPhone contacts, that’s opposed to my Android contacts. 

    It’s great that 100% of your Android contacts have RCS support, but several of mine do not, and by your own statistic of 70-80% RCS penetration you are probably an outlier here. So, if one of my no-RCS Android users were in a group chat with only other Android users there would be no E2EE (why do we use a “2”?!) in their chat.

    You seem to be saying all messages between iPhone and Android users would be E2EE if only Apple would get on board, but that clearly isn’t the case since not all Android users have phones that support RCS. Even if Apple rolled out an update to iOS tomorrow that fully supported E2EE RCS there would still be Android users out there that either don’t or can’t support it.

    Here’s another thing, if there’s still a reasonably large chance that sending a message to an Android user won’t be able to use RCS then why should Apple rush to offer it? Apple knows that all messages sent using iMessage are encrypted, as do many iMessage users, and all messages sent to an Android user are not encrypted. If they enable encrypted RCS now there’s still not much of a guarantee that the message will be able to be sent encrypted. That’s adding potential confusion to the process. Once Android gets to something much closer to 100% coverage than the current possibly 70% coverage then I’d expect Apple to offer it. Right now, not so much. (I mean, obviously)
    watto_cobra
Sign In or Register to comment.