CISA pushes guide for high-value targets to secure mobile devices

The Cybersecurity and Infrastructure Security Agency unveiled a detailed set of guidelines Wednesday to safeguard the mobile communications of high-value government targets in the wake of the ongoing Salt Typhoon telecom breach.

The guide aims to help both political and federal leadership harden their communications and avoid any data interception by the Chinese-linked espionage group. As of earlier this month, government agencies were still grappling with the attack’s full scope, federal officials told reporters. Among the targets were officials from both presidential campaigns, including the phone of President-elect Donald Trump.

The advisory details several key practices intended to mitigate risks associated with cyber threats and raise awareness on techniques that can thwart any type of malicious actor.

“I want to be clear that there’s no single solution that will eliminate all risks, but implementing these best practices will significantly enhance the protection of your communication,” said Jeff Greene, CISA’s executive assistant director for cybersecurity. “We urge everyone, but in particular those highly targeted individuals, to review our guidance and apply those that suit their needs.”

Even with the guidance’s focus on high-value targets, the advice is good for anyone that wants to take actions to secure their mobile devices. One of the primary recommendations includes the exclusive use of end-to-end encrypted messaging applications for secure communication. CISA suggests adopting apps like Signal, which provide robust encryption for both Android and iPhone platforms, preventing unauthorized interception of messages.

Furthermore, the guidelines advocate for the use of Fast Identity Online (FIDO) phishing-resistant authentication as a superior alternative to traditional multifactor authentication (MFA) methods. FIDO authentication, especially through hardware-based security keys such as Yubico or Google Titan, is recommended for enhancing the security of high-targeted accounts.

The guidance also emphasizes moving away from Short Message Service (SMS) messages as a form of MFA, advising that SMS-based authentication is not encrypted and can be easily intercepted by those with access to telecommunications infrastructure.

Additional recommendations include the use of a password manager, regular software updates for both operating systems and applications to patch vulnerabilities, and setting telecommunications account PINs to prevent SIM-swapping attacks — a common technique used by hackers to hijack phone numbers and intercept sensitive communications.

Specific guidelines tailored for Apple iPhone and Android users were also included. iPhone users are advised to enable “Lockdown Mode” to restrict app access and deploy Apple iCloud Private Relay for secure internet browsing. Meanwhile, Android users are encouraged to choose devices with strong security records and long-term update commitments, and to ensure the use of encrypted Rich Communication Services (RCS) for messaging.

You can read the full guide on CISA’s website.