The U.S. government is urging high-ranking officials to communicate using encrypted messaging due to rising worries about a “significant cyber espionage campaign” attributed to the Chinese government, as noted by the Federal Bureau of Investigation (FBI).

This week, the Cybersecurity and Infrastructure Security Agency (CISA) provided recommendations aimed at preventing the compromise of private communications for specific individuals, particularly senior government and political leaders.

This advice comes after an FBI and CISA investigation was initiated last month into suspected cyber espionage that has targeted the nation’s telecommunications infrastructure with ties to China. While the agencies report that the number of individuals at risk is small and mainly includes those involved in political matters, they caution that the hackers may still be operational and are advising all smartphone users to remain vigilant about their communication practices.

CISA is encouraging high-risk individuals to use only encrypted communication for the time being. Here’s an overview of what end-to-end encrypted communication entails and steps all smartphone users can take to secure their data.

What is Encrypted Communication and How Does It Function?

End-to-end encryption is a security technique that ensures only the participants of a conversation can access the information being exchanged. No external entities, including service providers, can read the messages.

When data is encrypted, it is transformed into a format known as ciphertext, according to Encryption Consulting. Only a specific key—essentially a unique, random set of characters resembling a password—can unlock, or decrypt, this data.

Which Popular Messaging Applications Utilize Encryption?

Why Is SMS Not Encrypted?

Short Message Service (SMS), commonly referred to as SMS, lacks encryption. This is due to the fact that when SMS was introduced—starting with the first text message in 1992—there was significantly less emphasis on digital security. Furthermore, robust encryption technologies were not available at that time.

Because SMS messages transit through cellular networks, they are susceptible to interception by hackers.

Additional Tips for Safeguarding Data

Aside from using encrypted communication, CISA recommends the following practices:

• Enable Fast Identity Online authentication. This strong security measure enhances the protection of accounts and sensitive data. Google Titan and Tubico are suggested options.
• Do not rely on SMS for two-factor authentication. Since SMS messages aren’t encrypted, they could be vulnerable to interception.
• Utilize a password manager. Options include Apple Passwords, LastPass, 1Password, Google Password Manager, and NordPass.
• Set a Telco PIN for your mobile carrier account to secure sensitive operations.
• Keep your software updated regularly.
• Opt for the latest version of your smartphone hardware. Newer devices come equipped with essential security features that older models may lack.
• Avoid using personal VPNs.

Steps for iPhone Users to Protect Mobile Data

CISA suggests that iPhone users follow these instructions to safeguard mobile communications:

1. Activate Lockdown Mode, which restricts certain apps and features, disabling options like SharePlay and Live Photos.
2. Disable SMS. To do this, access the Settings app, navigate to Apps, then Messages, and switch off “Send as Text Message.”
3. Secure Domain Name System using services like Cloudflare’s 1.1.1.1 Resolver, Google’s 8.8.8.8 Resolver, or Quad9’s 9.9.9.9 Resolver. These services enhance encrypted domain name systems to mitigate hacking risks. The Domain Name System converts user-friendly domain names (like google.com) into IP addresses.
4. Subscribe to Apple iCloud Private Relay, utilizing a secure Domain Name System and hiding IP addresses while distributing traffic between Apple and third-party servers to reduce the chances of tracking online behavior to a user’s identity. Follow the iCloud User Guide for enrollment instructions.
5. Examine and limit app permissions related to data such as location, camera, and microphone. To review permissions, go to the Settings app, then Privacy, and Security.

Steps for Android Users to Protect Mobile Data

CISA encourages Android users to implement the following measures:

1. Select devices from manufacturers known for robust security and regular updates. Refer to the Android Enterprise Recommended list to find the best models.
2. Use Rich Communication Services only if encryption is active.
3. Set up an Android Private Domain Name System using services like Cloudflare’s 1.1.1.1 Resolver, Google’s 8.8.8.8 Resolver, or Quad9’s 9.9.9.9 Resolver.
4. Ensure “Always Use Secure Connections” is enabled. This setting in Google Chrome safeguards browsing history.
5. Enable “Enhanced Protection for Safe Browsing.” This Chrome browser feature protects against malicious websites, phishing, and harmful downloads.
6. Verify that Google Play Protect is active. This feature scans and prevents the installation of potentially harmful apps.
7. Review and restrict app permissions. To check, go into the Settings app, navigate to Apps, then Permissions Manager. Limit access for apps that track unnecessary data like location, camera, and microphone.