he Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have issued a joint advisory urging all Americans to use end-to-end encrypted communications applications following the revelation that Chinese state-sponsored hackers, operating under the threat actor designation Salt Typhoon, had successfully infiltrated at least eight major US telecommunications providers.
The Recommended Applications
The advisory specifically recommended Signal, WhatsApp, and iMessage as applications that implement end-to-end encryption by default, making intercepted transmissions unreadable to third parties including the telecoms infrastructure through which they travel. The FBI's willingness to publicly endorse encrypted messaging is a notable shift from its historical posture.
“Reliance on SMS for two-factor authentication codes represents a meaningful and now-documented national security risk.”
— Nadia Osei, EvoFutura
For ordinary users, the advisory is a signal that reliance on SMS for sensitive communications — including two-factor authentication codes — represents a meaningful security risk. Security researchers have long warned that SMS is an inherently insecure channel, and the Salt Typhoon revelations provide a concrete national-security context for advice that has previously been dismissed as theoretical.