The U.S. government is advising senior officials and politicians to abandon traditional phone calls and text messages following a series of cyber intrusions targeting major American telecommunications companies, attributed to Chinese hackers. In new guidance released Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) urged government leaders to immediately implement enhanced security practices when using mobile devices.
The key recommendation: “Use only end-to-end encrypted communications.” End-to-end encryption, which ensures that only the sender and recipient can read the messages, is already incorporated in popular apps like WhatsApp, iMessage, and Signal, as well as corporate platforms like Microsoft Teams and Zoom. In contrast, regular phone calls and text messages lack this encryption, making them vulnerable to surveillance by phone companies, law enforcement, and hackers who may exploit weaknesses in telecom infrastructure.
The warning comes after a series of cyberattacks attributed to the hacking group “Salt Typhoon,” which U.S. officials believe is backed by the Chinese government. Beijing has consistently denied accusations of engaging in cyber espionage.
A senior U.S. official revealed earlier this month that at least eight telecommunications and infrastructure firms had been compromised by the Salt Typhoon hackers, leading to the theft of vast amounts of American metadata. Democratic Senator Ben Ray Lujan described the breach as “likely the largest telecommunications hack in our nation’s history,” adding that the full scope of the damage is still unclear.
CISA’s executive assistant director for cybersecurity, Jeff Greene, confirmed that investigations are ongoing and that different agencies and individuals are at various stages in responding to the breach. He warned that the Salt Typhoon incident is part of a broader pattern of Chinese-linked cyberattacks targeting critical infrastructure, which includes operations known under the nickname “Volt Typhoon.”
Greene emphasized the need for long-term defense strategies, stating, “This is ongoing PRC activity that we need to both prepare for and defend against for the long term.”
While end-to-end encryption has long been advocated by digital safety experts, including those at the Electronic Frontier Foundation (EFF), the government’s move to advise officials away from traditional phone networks marks a significant step. EFF senior staff technologist Cooper Quintin welcomed the guidance but expressed concern over the broader implications, calling it “a huge indictment of the telecoms that run the nation’s infrastructure.”
In addition to avoiding regular calls and texts, CISA also recommended that officials steer clear of text messages with one-time passwords, often used by banks for account verification. Instead, they are encouraged to use hardware security keys, which offer better protection against phishing attacks.
Cybersecurity expert Tom Hegel, a threat researcher at SentinelOne, supported CISA’s advice, noting that while Chinese hackers are a major threat, other cybercriminals also target unsecured communications. He added, “A wide variety of spies and hackers stand to lose valuable access if their targets adopt these security measures.”
