FBI warns iPhone users to avoid iMessage after encryption breach

US authorities, in a joint alert with the FBI, have issued warnings for iPhone users against spyware attacks on the messaging platform iMessage. The Cybersecurity and Infrastructure Security Agency (CISA) advised iPhone and Android users to “only use end-to-end encrypted communications.”

CISA and the FBI published an alert on Monday in response to several major hacking operations on social media platforms WhatsApp and Signal, which infiltrated private messages and phone calls of several Americans.

However, CISA’s warning mentions Apple’s messaging system iMessage, the default SMS client for iPhone users. iMessage itself has end-to-end encryption between Apple devices, but texts sent to Android phones are transmitted as standard SMS, which is not fully encrypted.

iMessage texts to Android lack encryption, vulnerable to data theft

iPhone users in the US supposedly prefer using iMessage compared to other encrypted messaging apps like WhatsApp. According to a report done in mid-2024, more than half of US smartphone owners have iPhones, and 26% of the population with these phones use iMessage. Meta CEO Mark Zuckerberg sees iMessage as its biggest competitor in the US market.

Android phones have the RCS protocol that Google has tested for end-to-end encryption, but Apple has not confirmed when it will implement similar protections. 

iMessage is a front-end platform and the sole SMS client on iPhone, which the Department of Justice vehemently bashed during its report on Apple’s “walled garden” ecosystem. Per the DOJ, the lack of alternatives would mean all iPhone owners would be exposed if there were an attack on the messaging system.

“This is our core advice,” said CISA, even as new spyware attacks target Signal and WhatsApp. “Do not use text messaging between iPhones and Androids. It’s not fully encrypted.”

Last year, the FBI and CISA gave a similar notice because of Salt Typhoon, a Chinese state-linked cyber operation that successfully accessed private conversations and texts. 

As reported by the Washington Post, Senate Intelligence Committee Chair Senator Mark Warner called the breach the “worst telecom hack in US history.”

“We’re the telecom envy of the world. I don’t want to slow that innovation. I don’t want to come in with some new, heavy-handed regulation. This ought to just be about safety and security,” the Senator told WP.

The FBI and other cybersecurity officials asked Americans to avoid standard text messaging and switch to Signal or WhatsApp to shield their communications from foreign hackers. 

“Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible to read,” said Jeff Greene, executive assistant director for cybersecurity at CISA.

WhatsApp and Android devices also exposed to vulnerabilities

Away from Apple’s troubles, Cryptopolitan has also covered several exploits affecting WhatsApp and Android that were included in CISA’s notes on Monday. In early November, University of Vienna researchers revealed a flaw in WhatsApp’s registration feature that allowed them to harvest 30 million US numbers in just 30 minutes. 

Over the course of their research, they accessed the number of 3.5 billion users globally. About 57% of these users had public profile pictures, and researchers could view profile text for 29% of accounts.

Just days after the institution shared its findings, cybersecurity firm Unit 42 reported about a spyware campaign on Samsung Galaxy devices named LANDFALL, which uses a zero-day vulnerability in Samsung’s image processing library libimagecodec.quram.so (CVE-2025-21042) to infiltrate devices via images sent over WhatsApp.

According to Unit 42, the malware has been active since mid-2024 and enables attackers to perform full device surveillance without user interaction. Android malware was also found hidden in iOS image samples, in Digital Negative (DNG) files. 

Several users cited in Unit42’s findings reported seeing filenames that were tagged as WhatsApp uploads, such as “IMG-20240723-WA0000.jpg,” traced to locations including Morocco, Iran, Iraq, and Turkey between July 2024 and early 2025.

Another vulnerability, CVE-2025-12725, an out-of-bounds write error in Google Chrome’s graphics processing component WebGPU, was also exploited in conjunction with LANDFALL.

If you're reading this, you’re already ahead. Stay there with our newsletter.