On Dec. 4, U.S. intelligence officials and the FBI announced a hacking campaign affecting at least eight U.S. telecommunication firms, including Verizon and AT&T.
In response, the Cybersecurity and Infrastructure Security Agency (CISA), along with domestic and international partners, issued guidance for telecommunication companies to strengthen their security. Recommendations include implementing measures like end-to-end encryption to safeguard both company and customer data.
Several news outlets reported that officials are advising against sending unencrypted text messages in the aftermath of the hack, so bad actors can’t read them.
VERIFY readers Barbara and Joseph asked us if Chinese hackers can actually read people’s text messages. Here’s what we can VERIFY about protecting your text message privacy.
THE QUESTION
Can hackers intercept and read some types of text messages?
THE SOURCES
- Joint guide from the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), the FBI and other international partners published Dec. 3
- Cybersecurity and Infrastructure Security Agency (CISA)
- Apple
- WhatsApp, Signal and Telegram
- SoCRadar and How-To Geek, technology blogs
- McAfee
THE ANSWER
Yes, hackers can intercept and read some types of text messages. But there are ways to protect them.
WHAT WE FOUND
Messages sent between Apple and Android devices, as well as some types of messages sent between multiple Android devices, can be susceptible to hackers. But there is a type of protection that can ensure no hackers can read your texts. It’s called encryption.
Encryption uses an algorithm to scramble information, like text messages, that can only be un-scrambled by the recipient’s device. This layer of protection ensures that even if hackers or scammers intercept your texts, they can’t access the content.
When text messages aren’t encrypted, they travel across networks in plain text, making them vulnerable to interception, the SoCRadar and How-To Geek technology blogs explain. It’s like sending a letter without an envelope.
Encrypted messages aren’t plain text. They’re transformed into what’s called ciphertext, which appears across a network as a scrambled, unreadable string of characters.
Hackers can use tricks like creating fake cell towers or spying on public wireless networks to capture the messages. Without protection, text messages can be read and other personal information can be stolen.
So, hypothetically, if a hacker is monitoring a network and you send a message in plain unprotected text that says, “Meet at my house at 123 Elm Street, the door will be unlocked.” That is the message a hacker can read, leaving you (and your home) vulnerable. But, if you send it as an encrypted message, a hacker would only see gibberish, like "Ff8g$%qLq9d@8z.” Your intended recipient, though, would receive the real message.
Cellular providers don’t directly provide end-to-end encryption automatically, the Cybersecurity and Infrastructure Security Agency (CISA) says, but the device manufacturers and independent messaging apps often do. Here’s how some devices work and tips to protect yourself.
iMessages sent between Apple devices – the messages that appear in blue bubbles – are encrypted from end to end. However, messages sent from an Apple device to a non-Apple device – the messages that appear in green – are not encrypted.
For Android users using Google Messages, there is a feature known as Rich Communication Services. If that feature is turned on (here’s how) on both devices, the messages are encrypted.
Cross-platform messaging and third-party applications:
Text messages sent between Apple gadgets are encrypted, as are those exchanged between users of Google Messages, but text messages between Android and Apple devices are not encrypted, CISA says. That’s where third-party applications come in.
WhatsApp describes their encryption technology like having a key that is exchanged between recipients. The technology locks (encrypts) a message before it leaves a device, turning it into a jumbled code. Only the recipient’s device has the unique "key" to unlock (decrypt) it and make it readable again.
Stay secure with updates
While the use of these technologies is important to understand, you should also keep your software updated, McAfee, a security company, says. These security updates for devices and applications patch vulnerabilities that hackers or scammers exploit.
On an Android device, go to settings and click on software update. On an iPhone, go to settings, then general and then continue to software updates.
For more tips on protecting yourself from scammers and hackers, visit VERIFY’s website.
This story is also available in Spanish / Lee este artículo también en español: Cómo puedes proteger tus mensajes de texto después de la alerta de hackeo chino del FBI
The VERIFY team works to separate fact from fiction so that you can understand what is true and false. Please consider subscribing to our daily newsletter, text alerts and our YouTube channel. You can also follow us on Snapchat, Instagram, Facebook and TikTok. Learn More »