Executive Summary
The Cybersecurity and Infrastructure Security Agency (CISA) has issued critical guidance to mitigate cyber espionage activities targeting telecommunications infrastructure, particularly those linked to threat actors from the People’s Republic of China (PRC). These activities compromise sensitive information, including call records and private communications, posing significant risks to highly targeted individuals, such as senior government officials and executives.
This report summarizes actionable best practices from CISA’s guidance to protect mobile communications and mitigate risks associated with these threats. While these measures are aimed at individuals at high risk, they are universally applicable for enhancing mobile security.
Recommendations Overview
General Best Practices
- Use End-to-End Encrypted Communication:
  - Applications like Signal provide secure messaging, voice, and video communication across platforms.
  - Evaluate applications based on metadata collection policies and privacy-enhancing features like disappearing messages.
- Implement Phishing-Resistant Multifactor Authentication (MFA):
  - Replace SMS-based MFA with FIDO-based authentication methods such as security keys (e.g., Yubico, Google Titan).
  - Enroll high-value accounts (email, social media) in advanced protection programs where available.
- Use a Password Manager:
  - Adopt reputable password managers to store and generate strong, unique passwords.
  - Ensure the master password for the manager is a secure passphrase.
- Set a Telecommunications PIN:
  - Add a PIN to your mobile carrier account to protect against SIM-swapping attacks.
  - Use MFA for account access whenever available.
- Maintain Up-to-Date Software:
  - Enable automatic updates for mobile operating systems and applications to address vulnerabilities promptly.
- Avoid Personal VPNs:
  - Personal VPNs can increase the attack surface and pose additional risks.
  - Instead, focus on encrypted DNS services for improved security and privacy.
Device-Specific Guidance
For iPhone Users
- Enable Lockdown Mode to reduce exploitable features and limit the attack surface.
- Use Apple iCloud Private Relay for encrypted DNS and enhanced privacy in Safari.
- Regularly review and restrict app permissions through the device's privacy settings.
For Android Users
- Select devices from manufacturers with strong security track records and long-term update commitments.
- Enable Rich Communication Services (RCS) with end-to-end encryption for messaging.
- Use encrypted DNS resolvers such as Cloudflare (1.1.1.1), Google (8.8.8.8), or Quad9 (9.9.9.9).
- Confirm Google Play Protect is active and regularly review app scans for potential threats.
Incident Reporting
CISA encourages reporting cyber incidents through the following channels:
- Phone: 1-844-SAY-CISA (1-844-729-2472)
- Email: report@cisa.dhs.gov
- Online: CISA Services
When reporting, include relevant details such as the date, time, type of activity, affected individuals or systems, and a point of contact for follow-up.
Conclusion
Implementing the above best practices significantly reduces risks associated with cyber threats targeting mobile communications. While no solution provides complete immunity, a proactive approach ensures a stronger security posture against evolving adversaries.
For additional guidance or tailored solutions, contact Critical Path Security.
Disclaimer: This report is based on publicly available information marked TLP:CLEAR by CISA. Redistribution is unrestricted.