The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a stark warning to iPhone and Android users: stop sending unencrypted messages between devices. The advisory comes in the wake of the Salt Typhoon cyberattack, a Chinese-linked operation that compromised multiple U.S. telecommunications providers.

Salt Typhoon, described as one of the largest intelligence breaches in recent U.S. history, targeted telecom systems, intercepting live calls, text messages, and data related to law enforcement surveillance. Officials confirmed that the breach, which affected networks in the U.S. and beyond, remains unresolved.

"Our suggestion, what we have told folks internally, is not new here," Jeff Greene, executive assistant director for cybersecurity at CISA, told NBC News during a press call. "Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication."

The cyberattack underscores a critical vulnerability: text messages sent between Apple and Android devices lack encryption, making them accessible to malicious actors. Apple's iMessage and Google's RCS protocols provide encryption for intra-platform communication, but messages exchanged across platforms remain unprotected.

The scope of the attack is vast. "People's Republic of China (PRC)-affiliated threat actors compromised the networks of major global telecommunications providers to conduct a broad and significant cyberespionage campaign," the FBI and CISA said in a joint statement. They emphasized that remediation efforts may take months, if not longer.

An unnamed FBI official told NBC News, "People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption, and phishing-resistant security tools, like multifactor authentication."

The Salt Typhoon breach also highlights systemic issues within U.S. telecom infrastructure. Decades of mergers and acquisitions, along with reliance on outdated equipment, have left networks vulnerable to sophisticated threats. Cliff Steinhauer, director of information security at the National Cybersecurity Alliance, explained to Axios, "Many of the systems in question are nearly 50 years old-like landline systems-and they were never meant for the type of sensitive data and reliance that we have on them right now."

Officials further warned that the same vulnerabilities exploited by Salt Typhoon could be used for future attacks unless networks are fully secured. FCC Chair Jessica Rosenworcel has proposed an annual certification requirement for telecom companies to ensure up-to-date cybersecurity risk management plans.

CISA, the FBI, and allied cybersecurity agencies have issued a guide to help network engineers harden their systems against exploitation. The document highlights basic security measures like multifactor authentication and activity log maintenance but acknowledges that legacy equipment and physical network infrastructure present unique challenges.

While telecom providers work to secure their networks, government officials stress the importance of individual actions to mitigate risks. Encrypted messaging apps such as WhatsApp and Signal offer a safer alternative for users. Greene reiterated, "Encryption is your friend."