It sounds crazy, but the FBI is warning businesses to avoid cross-platform texting. Why? It’s all in response to the recent discovery of hackers who infiltrated 8 U.S. telecom carriers with the intent of stealing user data and even potentially recording phone calls.  While government officials are at a much higher risk of being impacted, there is enough evidence that the everyday user could also be targeted.  Here’s what you need to know:

What prompted the FBI Warning about Text Messaging

The Wall Street Journal broke the news when they reported that foreign state actors had infiltrated systems used by U.S. law enforcement agencies that enable them to conduct electronic surveillance operations under CALEA, or the Communications Assistance for Law Enforcement Act.  According to Jason Hong, a professor at Carnegie Mellon University’s School of Computer Science, CALEA is “for legitimate wiretaps that have been authorized by the courts,”  He goes on to say that in hackers’ hands, the tools could potentially be used “to surveil communications and metadata for lots of people. And it seems like the [hackers’] focus is primarily Washington, D.C.”

The FBI reported that the breach goes far beyond CALEA and that hackers are still accessing telecommunications networks.  According to the Biden administration, “at least eight telecommunications infrastructure companies in the U.S., and possibly more, had been broken into by Chinese hackers.”

The incident has been investigated since the spring of 2024. Hackers have stolen a large amount of metadata, and even the actual content of calls and texts was targeted.

How are These Text Messages Being Accessed?

Text messaging is encrypted as long as they don’t cross platforms.  iPhone and Android enable encrypted text messages as long as you only text iPhone to iPhone or Android to Android.  IPhone and Android have end-to-end encryption built into their messaging platforms when messaging another iPhone or Android.  End-to-end encryption means that even if hackers intercept a message, they can’t read the information in the message.

The problem occurs when messages are exchanged between an iPhone and an Android. With the addition of RCS to the iMessage platform, messages between iPhones and Androids no longer have end-to-end encryption, and any information sent between these devices is vulnerable. RCS is encrypted when the sending and receiving devices are both on the same platform—i.e., iOS to iOS or Android to Android. As a result, any message sent between these devices is at a high risk for interception.

How to Keep Business Communications Safe

Modern business communications require a comprehensive security approach spanning both traditional and cloud infrastructure. Start by implementing strict change management protocols – all modifications to network devices, firewall rules, and cloud settings should be documented and approved by authorized personnel. This creates accountability and prevents unauthorized changes that could compromise security.

Access control forms your next line of defense. Implement a “need-to-access” policy where only designated administrators can reach sensitive systems. Use egress filtering and access control lists to restrict network traffic to trusted IP addresses and segments. For remote access, invest in hardened workstations with restrictive policies to safely manage edge devices.

Monitoring is crucial for detecting potential threats. Enable comprehensive logging across your physical and cloud networks, ensuring you have the necessary licensing for cloud services. Regular reviews of these logs, along with monitoring of trusted networks and conditional access rules, help identify suspicious activity early.

Pay special attention to edge devices – they’re common entry points for attackers. Keep all firmware and patches current, regularly audit VPN infrastructure, and use modern cryptographic algorithms. Track end-of-life announcements for all hardware and software, not just operating systems. When vendors announce vulnerabilities, prioritize patching edge devices as they often lack the protection layers of internal systems.

Taking Action: Protecting Your Communications in an Age of Vulnerability

In light of the FBI Warning for Text Messaging, businesses and individuals should take immediate steps to protect their communications. For company-wide text messaging, consider implementing secure messaging platforms that offer end-to-end encryption across all devices. Until Apple and Android resolve their cross-platform encryption challenges, sensitive information should not be shared via standard text messages between different operating systems. While following the FBI’s guidance may seem inconvenient, the potential risks of compromised communications far outweigh the minor adjustments to our messaging habits. By implementing robust security measures and staying vigilant about how we communicate, we can better protect ourselves and our organizations from these evolving cyber threats.