A bombardment of malicious attacks has become the new normal for millions of iPhone and Android users. The FBI has sounded the alarm on a relentless onslaught of cyber threats originating from China. As hackers continue to exploit vulnerabilities in popular smartphone operating systems, the lines between personal security and digital vulnerability have never been more blurred.
With millions of users worldwide vulnerable to these attacks, the question on everyone’s mind is: are you next? In an explosive report by Forbes, it has been revealed that iPhone and Android users are being bombarded by Chinese hackers, leaving many to wonder how they can protect themselves against these sophisticated cyber threats.

The Chinese SMS Threat
FBI Warning: Beware of Fake Toll Bills

iPhone and Android users across America are being targeted by a sophisticated Chinese SMS threat, with fake toll bills being sent to unsuspecting victims. The FBI has issued a warning, advising users to delete these texts immediately, as they are not just scams, but a full-scale attack on phone infrastructure. The texts claim the recipient owes money for unpaid tolls and contain almost identical language, with the ‘outstanding toll amount’ being similar. However, the link provided within the text is created to impersonate the state’s toll service name, and phone numbers appear to change between states.
According to the FBI, the texts are usually sent from phone numbers in countries other than China, but the top-level domains are almost always Chinese. This is a clear indication of the Chinese connection to the scam. The .TOP domain, in particular, has a notable history of being used by phishers. The .TOP Registry has long-running compliance problems, with ICANN issuing a breach letter in 2024, citing .TOP’s failures to comply with abuse reporting and mitigation requirements.

The Scale of the Problem
The scale of this problem is astronomical, with over 19 billion spam texts being sent in the US in February alone, according to Robokiller. The Anti-Phishing Working Group (APWG) reports a bleak picture of Chinese phishers targeting US residents. The attack is not limited to toll bills, with fake package delivery and other messages also being sent. The APWG warns that the phone numbers the phishers target are usually random, so messages sometimes reach people who do not use toll roads at all, or target users in the wrong state.
The APWG also notes that the texts are crafted by an upgraded phishing kit sold in China, which makes it simple to send text messages and launch phishing sites that spoof toll road operators in multiple US states. The reason those links are different is that the attackers are registering tens of thousands of domains to mimic state and city toll agencies and lure clicks. The APWG advises users to be cautious of lesser-known top-level domains such as .TOP, .CYOU, and .XIN, as these are often used by phishers.
The Chinese Connection
The .TOP Domain

The .TOP domain has a notable history of being used by phishers, and the .TOP Registry has long-running compliance problems. ICANN issued a breach letter to .TOP Registry in 2024, citing .TOP’s failures to comply with abuse reporting and mitigation requirements. As of March 2025, the case is still listed as unresolved on ICANN’s website. This lack of compliance and regulation has allowed phishers to use the .TOP domain to launch attacks on unsuspecting victims.
The use of the .TOP domain is just one example of the Chinese connection to the scam. The APWG notes that the phone numbers the phishers target are usually random, and the messages are sometimes sent from phone numbers in countries other than China. However, the top-level domains are almost always Chinese, indicating a clear connection to Chinese phishers.

The Phishing Kit
The phishing kit used in the attack is an upgraded version that makes it simple to send text messages and launch phishing sites that spoof toll road operators in multiple US states. The kit is sold in China, and is used by phishers to register tens of thousands of domains to mimic state and city toll agencies and lure clicks. The kit is highly sophisticated, allowing phishers to easily launch attacks on unsuspecting victims.
The use of this phishing kit has allowed phishers to launch a full-scale attack on phone infrastructure, with millions of texts being sent to unsuspecting victims. The attack is not limited to toll bills, with fake package delivery and other messages also being sent. The APWG warns that the attack is not just a scam, but a sophisticated attack on phone infrastructure, and advises users to be cautious of lesser-known top-level domains such as .TOP, .CYOU, and .XIN.
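As an added example (not from the FBI, the APWG or the original article), the Python below shows how an SMS or mail filter could apply the advice in "The Scale of the Problem" and "The Phishing Kit": it pulls hostnames out of a message, checks the real top-level domain against .TOP, .CYOU and .XIN, and escalates when the hostname also carries a lure keyword or a trusted-looking label such as "com-" to the left of the real TLD. The keyword lists, verdict names and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

WATCHED_TLDS = {"top", "cyou", "xin"}                      # TLDs named in the article
LURE_WORDS = ("toll", "ezpass", "parcel", "delivery", "unpaid")  # assumed keyword list
TRUSTED_LABELS = ("com", "gov", "org")                     # assumed look-alike labels
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def extract_hosts(text):
    """Return the lowercase hostname of every URL-like token in a message body."""
    hosts = []
    for match in URL_RE.finditer(text):
        token = match.group(0)
        if not token.lower().startswith(("http://", "https://")):
            token = "http://" + token      # scheme-less links are common in SMS
        host = urlsplit(token).hostname
        if host:
            hosts.append(host)
    return hosts

def assess_sms(text):
    """Return (host, verdict, reasons) for each link on a watched TLD."""
    findings = []
    for host in extract_hosts(text):
        labels = host.split(".")
        tld = labels[-1]                   # the last label is the real TLD
        if tld not in WATCHED_TLDS:
            continue
        reasons = [f"watched TLD .{tld}"]
        if any(word in host for word in LURE_WORDS):
            reasons.append("lure keyword in hostname")
        # "agency.com-bill.top" reads like a .com site but is registered under .top
        if any(l == t or l.startswith(t + "-") for l in labels[:-1] for t in TRUSTED_LABELS):
            reasons.append("trusted TLD imitated left of the real TLD")
        findings.append((host, "block" if len(reasons) > 1 else "review", reasons))
    return findings

SAMPLES = [  # constructed messages, not real indicators
    "Your outstanding toll amount is $4.15. Pay now: https://tollservice.com-example.top/pay",
    "Package delivery failed. Reschedule at parcel-example.cyou/track",
    "Reminder: your statement is ready at https://tolls.example.gov/account",
    "New catalog: shop.example.xin",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(assess_sms(sms) or "no watched-TLD link", "<-", sms)
```

A watched TLD alone yields "review" rather than "block", since legitimate sites also exist under these TLDs.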
The SMS and RCS Security Hole
The Lack of End-to-End Encryption
The SMS and RCS protocols are open protocols, which makes them vulnerable to attack. The lack of end-to-end encryption in the core RCS technology itself makes it easy for phishers to intercept and read messages. Google has solved this problem by wrapping full encryption around RCS messages sent between Google Messages users. However, message an RCS user on a different app or an iPhone, and that encryption falls away.
Apple has the same problem, with iMessage encryption only working between Apple users. Outside Apple’s walled garden, the encryption falls away. This issue was clear long before the FBI and America’s cyber defense agency issued their warning for cell phone users to stop texting and use end-to-end encrypted messaging and calls wherever possible.
The Solution
A new leak suggests that the latest Google Messages beta supports MLS encryption, RCS’s next step toward E2EE interoperability across apps and platforms. The team at Android Authority was able to enable MLS for one-on-one RCS conversations in Google Messages, but hasn’t been able to enable it for RCS group chats yet. This indicates that MLS encryption support could be on the horizon for Google Messages.
MLS, or Messaging Layer Security, is an IETF-supported initiative that aims to provide end-to-end encryption for group chat settings, in which more than two clients need to agree on a key but may not be online at the same time. The use of MLS encryption will provide an additional layer of security for RCS users, and will help to prevent phishers from intercepting and reading messages.
- MLS encryption will provide end-to-end encryption for group chat settings
- MLS encryption will help to prevent phishers from intercepting and reading messages
- MLS encryption support could be on the horizon for Google Messages
SMS: A Blanket No
The FBI’s recent warning to iPhone and Android users underscores a long-standing issue with SMS: it is an open protocol, making it inherently insecure for sending sensitive information. This security flaw has been exploited by cybercriminals, particularly in the wake of the Chinese cyberattack, which has led many to question the safety of traditional texting methods. The FBI advises users to cease sending SMS messages and opt for end-to-end encrypted messaging and calls instead. This advice is timely given the increasing sophistication of phishing attacks and the vulnerability of SMS to man-in-the-middle attacks.
SMS, or Short Message Service, has been a cornerstone of mobile communication since its inception in the 1990s. However, its design, which relies on an open protocol, makes it susceptible to interception and tampering. This vulnerability is particularly concerning in the context of the current Chinese cyberattack, which has been described as an “infrastructural attack on our phones.” The FBI’s warning highlights the urgent need for more secure communication methods.
The FBI’s guidance is clear: users should avoid sending sensitive information via SMS. Instead, they should adopt end-to-end encrypted messaging apps like Signal or WhatsApp. These apps provide a higher level of security by encrypting messages on the sender’s device and decrypting them only on the recipient’s device. This method ensures that even if the messages are intercepted, they cannot be read by unauthorized parties.
In addition to the security risks, the sheer volume of spam texts is another reason to reconsider SMS. According to Robokiller, more than 19 billion spam texts were sent in the U.S. in February alone. These texts often contain malicious links designed to steal personal information or financial data. The FBI’s warning specifically mentions texts claiming that recipients owe unpaid tolls, a tactic that has been used in various phishing schemes.
RCS: A New Security Concern
Security Hole in RCS
The adoption of Rich Communication Services (RCS) by Apple and Android has been touted as a significant upgrade from SMS. However, RCS is not without its own security concerns. The core technology of RCS lacks end-to-end encryption, making it vulnerable to attacks similar to those targeting SMS. This vulnerability has raised questions about the long-term viability of RCS as a secure messaging platform.
The lack of end-to-end encryption in RCS means that messages sent through this protocol can be intercepted and read by third parties. This is a significant concern, especially in light of the Chinese cyberattack, which has demonstrated the potential for widespread exploitation of mobile communication protocols. The FBI’s warning to stop texting and use end-to-end encrypted messaging and calls highlights the critical need for secure communication methods.
Google’s Encryption Efforts
Google has taken steps to address the security concerns surrounding RCS by wrapping full encryption around RCS messages sent between Google Messages users. This development is a step in the right direction, as it provides a higher level of security for users who communicate exclusively within the Google ecosystem. However, this encryption only works between Google Messages users, leaving users on different platforms or apps vulnerable to interception.
Apple faces a similar issue with iMessage, which only provides end-to-end encryption between Apple users. Outside of Apple’s walled garden, the encryption falls away, leaving messages sent to non-Apple devices vulnerable. This interoperability issue has been a long-standing concern, and the FBI’s warning has brought it back into the spotlight.
The issue with RCS and iMessage is not new, but the FBI’s warning has underscored the urgency of addressing these security gaps. The lack of end-to-end encryption in RCS and the limited scope of iMessage’s encryption highlight the need for a more comprehensive security solution. The FBI’s advice to use end-to-end encrypted messaging and calls “wherever possible” emphasizes the importance of choosing secure communication methods.
A New Development: MLS Encryption
MLS Encryption: The Future of RCS
Messaging Layer Security (MLS) is an initiative aimed at providing end-to-end encryption for group chat settings, where more than two clients need to agree on a key but may not be online at the same time. This protocol, supported by the Internet Engineering Task Force (IETF), is a significant development in the quest for secure group communication. Google has been working on implementing MLS encryption in Google Messages, with a focus on one-to-one conversations. This development could bring end-to-end encryption to RCS, making it a more secure option for users.
The potential for MLS encryption to enhance the security of RCS is significant. By providing end-to-end encryption for group chats, MLS could address one of the major security concerns surrounding RCS. This would make it a more viable option for secure communication, particularly in light of the Chinese cyberattack and the FBI’s warning to avoid SMS.
However, the implementation of MLS encryption is still in its early stages. According to a recent leak, the latest Google Messages beta supports MLS encryption for one-to-one RCS conversations. This indicates that MLS encryption support could be on the horizon for Google Messages, but it is not yet available to all users. The development of MLS encryption is a complex process, and it may take time before it becomes widely available.
The Road Ahead
It is unclear when MLS encryption will be rolled out to all users, but it is expected to come first to Google Messages in beta. This phased approach allows for testing and refinement before a wider release. Apple will also need to update its iOS operating system to support MLS encryption, which could take time. The integration of MLS into iOS will require significant changes to the operating system, and it is not yet clear when this will be achieved.
In the meantime, users are advised to use end-to-end encrypted messaging apps like Signal or WhatsApp. These apps provide a high level of security and are not affected by the vulnerabilities in SMS and RCS. The FBI’s warning highlights the importance of choosing secure communication methods, and users should prioritize security in their messaging choices.
The development of MLS encryption is a promising step towards more secure communication, but it is still in its early stages. Users should remain vigilant and adopt secure messaging practices until MLS encryption becomes widely available. The FBI’s warning serves as a reminder of the ongoing need for secure communication methods in an increasingly digital world.
Conclusion
In conclusion, the FBI’s warning about Chinese attacks on iPhone and Android users serves as a stark reminder of the pervasive threat of cybercrime in today’s digital landscape. As outlined in the article, the sheer scale and sophistication of these attacks have left millions of users vulnerable to data theft, financial fraud, and other malicious activities. The fact that these attacks are often disguised as legitimate apps or software updates underscores the need for heightened vigilance and awareness among users.
The significance of this issue cannot be overstated. As our lives become increasingly intertwined with technology, the potential consequences of a successful attack can be devastating. The theft of sensitive information, financial loss, and reputational damage are just a few of the potential repercussions. Moreover, the fact that these attacks are often state-sponsored raises concerns about national security and the integrity of our digital infrastructure.