US Justice Dept to ramp up staffing for immigration cases
Australia household spending rises for fourth month in January
Trump policy change prompts bid to dismiss foreign agent case
US dollar struggles near 4-month low amid growth concern; jobs data in spotlight
SpaceX Starship failure prompts diversions, Florida airports ground stops
The photographer capturing the ‘indescribable magic’ of Australia’s landscapes
King Charles reveals music soundtrack to his life to mark Commonwealth Day
Federal cybersecurity officials issued a stark warning for smartphone users against using text messages for two-factor authentication, citing vulnerabilities in telecommunications networks that could expose users to security breaches.
The Cybersecurity and Infrastructure Security Agency (CISA) released new guidance urging smartphone users to abandon SMS-based authentication codes following the discovery of widespread telecom network breaches. The agency emphasized that text messages lack encryption, making them susceptible to interception by malicious actors who gain access to telecommunications networks.
"SMS messages are not encrypted — a threat actor with access to a telecommunication provider's network who intercepts these messages can read them," CISA stated in its memo. The agency noted that text-based verification methods are not "phishing-resistant" and pose particular risks for high-profile targets.
The warning comes in the wake of major network intrusions affecting AT&T, Verizon, and other carriers, which officials believe were orchestrated by Chinese hackers. According to security experts, the breach campaign, known as Salt Typhoon, may be "ongoing and likely larger in scale than previously understood. "
Jeff Greene, executive assistant director for cybersecurity at CISA, acknowledged the persistent nature of the threat. "We cannot say with certainty that the adversary has been evicted," Greene told Politico. "We're on top of tracking them down ... but we cannot with confidence say that we know everything, nor would our partners."
CISA recommends users switch to more secure authentication methods, including dedicated authentication apps, FIDO authentication, or passkeys. While authentication apps remain vulnerable to certain breaches, they offer stronger protection than SMS-based verification. For services that only provide text-based two-factor authentication, the agency advises users to seek alternative platforms when possible.
Additional security measures recommended by CISA include implementing password managers, creating strong passwords, setting device PINs, and maintaining current software updates on personal devices. The FBI has also advised users to adopt encrypted messaging platforms like Signal or WhatsApp for general communication.
