The US cybersecurity agency CISA has released guidance for highly targeted individuals to protect their mobile communications against exploitation by threat actors. The document was published in reaction to a recent telecom hacking campaign that targeted large wireless carriers in the US, including Verizon, AT&T, Lumen Technologies, and T-Mobile, and which has been attributed to a China-linked cyberespionage group tracked as Salt Typhoon.
In early December, the US government issued guidance for improving the security of communications infrastructure, specifically highlighting risks associated with Cisco devices, which are an attractive target for Chinese state-sponsored groups.
Now, CISA is releasing Mobile Communications Best Practice (PDF), a guide for end users that identifies security measures they should adopt to protect their mobile communications against espionage campaigns conducted by Chinese hackers or other foreign threat actors.
The guidance is intended for highly targeted individuals, “who are in senior government or senior political positions and likely to possess information of interest to these threat actors.”
“Highly targeted individuals should assume that all communications between mobile devices—including government and personal devices—and internet services are at risk of interception or manipulation,” the cybersecurity agency notes.
According to CISA, users should use end-to-end encrypted messaging applications, such as Signal, which secure communications across mobile and desktop platforms, and which may also enhance privacy by offering support for disappearing messages.
CISA also recommends that users enable Fast Identity Online (FIDO) phishing-resistant multi-factor authentication (MFA) for their accounts, refrain from using SMS-based MFA, employ a password manager, set a telco PIN or passcode for their mobile phone accounts, keep their operating system and applications always updated, use the latest hardware from their phone makers, and refrain from using personal virtual private networks (VPNs).
iPhone users, CISA says, should enable Lockdown Mode, disable the option to send messages as SMS when iMessage is unavailable, use encrypted DNS services for iOS, enroll in Apple iCloud Private Relay, and review and restrict application access to sensitive information such as camera, location, and microphone.
Android users are advised to choose device models from manufacturers with strong security track records, use Rich Communication Services (RCS) if end-to-end encryption is enabled, protect their DNS queries, ensure their Chrome browser is configured to always use secure connections, enable Enhanced Protection in Safe Browsing, ensure that Google Play Protect is enabled, and review and restrict unnecessary app permissions.
While specifically aimed at highly targeted individuals, the guidance is applicable to all audiences, CISA says. Users are advised to review the agency’s best practices guide and apply its recommendations immediately to protect their mobile communications.