Important Security Notice: FBI Alerts on the Risks of SMS Hacking

A recent report by the FBI and other cybersecurity agencies has highlighted a critical cybersecurity threat affecting both iPhone and Android users.

It emphasizes the risks associated with sending cross-platform unencrypted text messages, i.e. iPhone to Android, and Android to iPhone.

A sophisticated Chinese hacking group known as "Salt Typhoon" has been identified as the perpetrator behind exploiting vulnerabilities in SMS services after compromising US telecom networks. The FBI noted that this attack is “ongoing and likely larger in scale than previously understood”. Hackers can employ techniques such as phishing, SIM-swapping, and man-in-the-middle attacks to divert messages intended for you, potentially exposing your personal and financial data.

We recommend that everyone should not use SMS texts containing any confidential or sensitive work or personal information. It is safest to assume that any messages sent via SMS can be read by unauthorized third-parties.

Please note that iMessages within Apple products (iPhone, iPad, Apple Watch, Mac) are secure iMessages are blue bubbles in your messaging app.  Green bubbles in your messaging app are SMS text and are not secure.  Please read “If your iPhone messages are green” article for details - https://support.apple.com/en-us/105087. 

Apple has released of iOS 18.2 today.

This new version of iOS allows you to change your default messaging app from iMessage to a third-party app that ensures end-to-end encryption. Also note that Google Messages on Android products (Samsung Galaxy, Google Pixel, and others) are secure when “RCS” chats are enabled. 

To confirm RCS chats are enabled on your device, follow these steps - https://support.google.com/messages/answer/7189714?hl=en.

Full details of Google Messages can be found here - https://support.google.com/messages/?hl=en#topic=7502209.

To safeguard sensitive information and protect against potential SMS breaches, it is crucial to adopt strong security measures:

• Use Encrypted Messaging Apps: Avoid using SMS to transmit confidential data and opt for secure messaging applications like WhatsApp or Signal, which utilize end-to-end encryption. Google Messages and iPhone iMessages are fully encrypted for messages sent within each platform, but not across platforms.

• Enable Multi-Factor Authentication (MFA): Ensure that MFA is enabled on all accounts, including email, social media, and collaboration tools. This adds an extra layer of security by requiring a second form of verification in addition to your password.

• Keep Devices Updated: Regularly update your operating systems and applications to the latest versions to protect against known vulnerabilities.

Importance of End-to-End Encryption

End-to-end encryption ensures that only the communicating users can read the messages, preventing unauthorized access by hackers or even the service providers themselves. While the digital landscape affords many conveniences, it also presents vulnerabilities that require our immediate attention. By adopting secure communication methods and staying informed, we can collectively enhance our defenses against cyber threats.

For more information, you can refer to the detailed report on Forbes:

• https://www.forbes.com/sites/zakdoffman/2024/12/05/fbi-warns-iphone-and-android-users-stop-sending-texts/

• https://www.forbes.com/sites/zakdoffman/2024/12/07/apples-surprising-iphone-update-green-bubbles-end-next-week/

Best regards,

— Your HalcyonFT Team