The U.S. government is advising senior officials and politicians to abandon phone calls and text messaging in light of recent breaches at major American telecommunications firms attributed to Chinese hackers.
In guidance issued on Wednesday, the Cybersecurity and Infrastructure Security Agency emphasized that “individuals in senior government or political roles” should “promptly review and implement” a set of best practices regarding mobile device usage.
The primary recommendation is to “utilize only end-to-end encrypted communications.” This data protection method ensures that information remains unreadable to anyone other than the sender and recipient. Various messaging applications, such as Meta Platforms’ WhatsApp, Apple’s iMessage, and the privacy-centric app Signal, incorporate this feature. Additionally, corporate solutions that offer end-to-end encryption include Microsoft Teams and Zoom’s online meetings.
In contrast, standard phone calls and text messages lack end-to-end encryption, making them susceptible to monitoring by telecommunications companies, law enforcement, or potentially hackers who have infiltrated these companies’ systems. This vulnerability was highlighted in the case of the cyber espionage group known as “Salt Typhoon,” which U.S. officials have linked to the Chinese government. Beijing consistently denies claims of engaging in cyber espionage.
A senior U.S. official stated earlier this month that “at least” eight telecommunications and telecom infrastructure companies in the United States have been compromised by the Salt Typhoon hackers, resulting in the theft of “a large number of Americans’ metadata” during the surveillance operation.
Last week, Democratic Senator Ben Ray Lujan remarked that this series of intrusions “likely represents the largest telecommunications hack in our nation’s history,” and it remains uncertain whether American officials have developed effective strategies to counter the hackers’ espionage efforts.
Jeff Greene, the executive assistant director for cybersecurity at CISA, informed reporters on Wednesday that the investigation is still in progress, with various targeted agencies and individuals at different stages of their response. Greene noted that the Salt Typhoon breach “is part of a broader pattern of PRC activity directed at critical infrastructure,” referring to Chinese-linked cyber operations aimed at utilities and other sensitive networks, collectively known as “Volt Typhoon.”
“This ongoing PRC activity necessitates long-term preparation and defense,” Greene emphasized. Digital safety experts, including those from the Electronic Frontier Foundation, have long advocated for communication solely through end-to-end encryption. Senior staff technologist Cooper Quintin expressed support for this guidance but voiced concern over the government’s recommendation for officials to avoid the regular phone network. “It is a significant indictment of the telecoms that manage the nation’s infrastructure,” he stated.
Additional suggestions involve steering clear of text messages that contain one-time passwords, such as those frequently dispatched by U.S. banks for login verification. It is also advisable to utilize hardware keys, which provide protection against phishing attacks aimed at stealing passwords.
Tom Hegel, a threat researcher at the cybersecurity firm SentinelOne, echoed Cooper Quintin’s endorsement of the CISA guidelines, stating that “Chinese actors are not the sole entities persistently gathering unsecured communications.”