CISA issues comprehensive roadmap to enhance mobile security in wake of PRC attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has released a comprehensive report addressing the critical vulnerabilities and best practices for securing mobile communications against cyber threats, particularly from state-sponsored bad actors.

“CISA strongly urges highly targeted individuals to immediately review and apply the best practices … to protect mobile communications,” the agency said, emphasizing “highly targeted individuals should assume that all communications between mobile devices – including government and personal devices – and Internet services are at risk of interception or manipulation.”

While no single solution eliminates all risks, CISA said, “implementing these best practices significantly enhances protection of sensitive communications against government-affiliated and other malicious cyber actors.”

Although high-profile individuals are especially urged to adopt the practices CISA outlines given the targeted nature of advanced cyber-espionage campaigns, the guidance is universally applicable, as the fundamental principles of securing communications, protecting accounts, and minimizing vulnerabilities resonate across all user demographics.

This latest CISA guidance serves as a wake-up call about the broader implications of mobile security in today’s interconnected world. The guidance highlights how targeted attacks on mobile communications can have far-reaching consequences, compromising sensitive personal and organizational data, and underscores the need for vigilance at all levels.

This guidance is driven by the cyber-espionage activities carried out by the People’s Republic of China (PRC) that have targeted commercial telecommunications infrastructure to intercept sensitive communications. The report is not limited to governmental or organizational entities but extends its relevance to individuals in senior political and governmental positions who may possess sensitive information of interest to adversaries.

“This activity enabled the theft of customer call records and the compromise of private communications for a limited number of highly targeted individuals,” CISA said, adding that, “while applicable to all audiences, this guidance specifically addresses ‘highly targeted’ individuals who are in senior government or senior political positions and likely to possess information of interest to these threat actors. CISA is releasing this best practice guidance to promote protections for mobile communications from exploitation by PRC-affiliated and other malicious cyber threat actors.”

Biometric Update earlier reported that the PRC-affiliated bad actors are believed to have accessed the unencrypted communications of senior U.S. officials, including individuals associated with presidential campaigns. Notably, they targeted the phones of President-elect Donald Trump, Vice President-elect J.D. Vance, members of former Democratic presidential candidate Vice President Kamala Harris’s campaign staff, and the staff of Senate Majority Leader Chuck Schumer.

Earlier this month, CISA and the Five Eyes issued guidance for network engineers and other defenders of communications infrastructure. The guidance included the best practices that should be used to strengthen visibility and harden network devices against successful exploitation carried out by PRC-affiliated and other malicious cyber actors.

All the guidance that has thus far been issued is in direct response to the breach of telecommunications infrastructure carried out by the Chinese government-linked hacking collective known as Salt Typhoon. Central to the guidance are measures that prioritize user privacy and robust authentication mechanisms that are critical for countering modern cyber threats.

The latest CISA guidance emphasizes the importance of a multi-layered approach to mobile security, acknowledging that no single solution can eliminate the risk. Instead, CISA advocates for adopting a series of robust best practices that, collectively, can significantly enhance protection against cyber threats. This detailed guidance covers general security recommendations, platform-specific suggestions for iPhone and Android users, and critical steps for incident reporting.

The new CISA guidance focuses on the adoption of end-to-end encrypted communication platforms to ensure that private conversations remain secure. Apps like Signal are highlighted as effective solutions due to their encryption capabilities, cross-platform compatibility, and additional privacy features such as disappearing messages. The evaluation of metadata storage by these apps is also advised, ensuring minimal exposure of potentially sensitive data.

Authentication emerges as another cornerstone of mobile security. The report strongly advocates for adopting Fast Identity Online (FIDO) protocols, emphasizing hardware-based security keys like Yubico or Google Titan as the most secure form of multi-factor authentication (MFA). This phishing-resistant approach, CISA says, safeguards against phishing attacks and strengthens account integrity, especially for critical services like email and social media platforms.

The vulnerabilities of Short Message Service (SMS)-based MFA are also addressed, with CISA urging individuals to migrate to authenticator applications or, ideally, FIDO-based systems. The report warns of the ease with which SMS messages can be intercepted by malicious actors and underscores the importance of disabling SMS fallback mechanisms in authentication workflows.

Password management is another critical focus, with CISA recommending the use of reliable password managers that can generate strong, unique passwords and provide alerts for compromised or weak credentials. Users are advised to protect their password vaults with robust passphrases and periodically review and update stored passwords.

Another significant recommendation made by CISA includes setting a PIN or passcode for mobile carrier accounts to mitigate the risk of Subscriber Identity Module (SIM) swapping, a technique increasingly exploited by cybercriminals to hijack mobile accounts. Regular software updates and the use of the latest hardware are stressed to ensure that users benefit from the most recent security advancements and patches.

The CISA guidance also provides tailored advice for iPhone users, recognizing the unique features and vulnerabilities of the platform. It encourages enabling Apple’s Lockdown Mode to restrict the attack surface available to malicious actors. Additional recommendations include disabling the “Send as Text Message” feature to ensure that communications default to the encrypted iMessage protocol, even in cases of connectivity disruptions.

To further enhance privacy, users are advised to enable Apple iCloud Private Relay, a service that protects DNS queries, masks IP addresses, and splits Internet traffic across multiple servers to limit the ability of any single entity to link user activity with their identity. Reviewing app permissions and limiting unnecessary access to sensitive data like location, camera, and microphone is also highlighted as an essential step.

For Android users, the recommendations emphasize selecting devices from manufacturers committed to long-term security updates and integrating hardware-level security features. This approach ensures that devices remain protected against emerging threats throughout their operational lifespan.

CISA’s new guidance advocates for using Rich Communication Services (RCS) with end-to-end encryption enabled and configuring Android Private DNS with trusted resolvers such as Cloudflare’s 1.1.1.1 or Google’s 8.8.8.8 to secure internet traffic. Users are also advised to enable Enhanced Protection for Safe Browsing in the Chrome browser and Google Play Protect to detect and prevent malicious apps.

Additionally, Android users are encouraged to review app permissions regularly, revoking access to sensitive functions unless absolutely necessary. The report underscores the importance of exercising caution when downloading apps from third-party stores or sideloading, which can introduce additional vulnerabilities.

CISA acknowledges that while the measures outlined in its latest guidance may seem burdensome or overly cautious to some users, they are necessary in an era where cyber threats are increasingly sophisticated and relentless. By integrating these practices into daily routines, users can create a more resilient security posture, reducing their exposure to risks and ensuring the confidentiality and integrity of their communications.

CISA also provided clear guidance on how to report cyber incidents, encouraging timely and detailed submissions to the agency. This includes providing information on the nature of the incident, affected individuals or equipment, and any suspected threat actors. Such reporting is crucial for understanding the broader threat landscape and developing collective defenses against malicious activities.

The Mobile Communications Best Practice Guidance from CISA serves as a critical resource in the fight against cyber threats. By addressing both general and platform-specific vulnerabilities, the guidance provides a comprehensive roadmap for individuals and organizations to enhance their mobile security. The proactive adoption of these measures is not merely an option but a necessity in safeguarding sensitive communications in a rapidly evolving threat environment. As cyber actors continue to exploit weaknesses in telecommunications infrastructure, following these best practices can be the difference between vulnerability and resilience.
