US government agency warns workers of possible Chinese cellphone hacks

The CFPB has told staff not to use cellphones

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The Consumer Financial Protection Bureau (CFPB) has issued a warning to its workers that personal mobile devices should not be used for sensitive work calls due to the recentChinese probing of US telecommunications networks.

The email sent by the CFPB acknowledges that “While there is no evidence that CFPB has been targeted by this unauthorized access, I ask for your compliance with these directives so we reduce the risk that we will be compromised.”

The warning also extends to contractors working for the CFB, and highlights the scale of the attack against US telecoms by the China-related group tracked as Salt Typhoon.

Telecoms attack worries federal agencies

There is no indication on exactly what data may have been exfiltrated from the telecoms providers, but initial reports suggest that call logs, unencrypted texts and some phone audio was exfiltrated by the attackers, including audio from a number of high-profile individuals related to the Harris and Trump campaigns alongside potentially hundreds of thousands of US citizens.

US officials are also cutting down on their phone use in response to the hack, with a former US official who spoke to theWall Street Journal(WSJ) stating, “There is a general reticence to use their cellphones.”

Salt Typhoon also managed tobreach several internet service providers(ISP) in early October, including Verizon, AT&T, and Lumen, with the attackers also gaining access to a lawful wiretap used for surveillance by US authorities.

As the WSJ notes, a federal agency issuing a specific warning against the use of personal mobile phones indicates the depth and breadth of the attacks.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Do NOT conduct CFPB work using mobile voice calls or text messages,” the CFPB email recommended. The email also stated that staff should only use authorized online collaboration platforms such as Cisco WebEx andMicrosoftTeams to make calls and send messages that contain non-public data.

You might also like

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Stormforce Pro Creator 0601 workstation review

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

AI and robotics really could be holding back some workers from their dream career