Federal cybersecurity officials issued a stark warning for smartphone users against using text messages for two-factor authentication, citing vulnerabilities in telecommunications networks that could expose users to security breaches.
The Cybersecurity and Infrastructure Security Agency (CISA) released new guidance urging smartphone users to abandon SMS-based authentication codes following the discovery of widespread telecom network breaches. The agency emphasized that text messages lack encryption, making them susceptible to interception by malicious actors who gain access to telecommunications networks.
"SMS messages are not encrypted — a threat actor with access to a telecommunication provider's network who intercepts these messages can read them," CISA stated in its memo. The agency noted that text-based verification methods are not "phishing-resistant" and pose particular risks for high-profile targets.
The warning comes in the wake of major network intrusions affecting AT&T, Verizon, and other carriers, which officials believe were orchestrated by Chinese hackers. According to security experts, the breach campaign, known as Salt Typhoon, may be "ongoing and likely larger in scale than previously understood."
Jeff Greene, executive assistant director for cybersecurity at CISA, acknowledged the persistent nature of the threat. "We cannot say with certainty that the adversary has been evicted," Greene told Politico. "We're on top of tracking them down ... but we cannot with confidence say that we know everything, nor would our partners."
CISA recommends users switch to more secure authentication methods, including dedicated authentication apps, FIDO authentication, or passkeys. While authentication apps remain vulnerable to certain breaches, they offer stronger protection than SMS-based verification. For services that only provide text-based two-factor authentication, the agency advises users to seek alternative platforms when possible.
Additional security measures recommended by CISA include implementing password managers, creating strong passwords, setting device PINs, and maintaining current software updates on personal devices. The FBI has also advised users to adopt encrypted messaging platforms like Signal or WhatsApp for general communication.