Are US cellphones at risk? A new bill is coming to stop another Salt Typhoon attack

The flag of the United States fluttering in the wind against a blue sky background.

(Image credit: Bryn Colton/ Getty Images)

A US Senator has presented a new bill to secure the networks of the country's telecommunication companies targeted by the China-linked Salt Typhoon hacking group.

What's considered to be the largest intelligence compromise in US history sparked a call to all US citizens to switch to encrypted communications last week. At least eight of the country's largest telecoms were hacked to spy on their customers' activities, including AT&T, Verizon, and Lumen Technologies.

The Secure American Communications Act would require the Federal Communications Commission (FCC) to "fix its own failure" and fully implement the cybersecurity rules under the 1994 legislation. US telecoms are also required to submit annual security tests and audits to the FCC.

A turning point?

"It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules," said Ron Wyden, US Senator of Oregon who announced the bill.

Under the 1994 Communications Assistance for Law Enforcement Act (CALEA), the FCC was already expected to ensure telecom operators secure their systems against unauthorized access – something that, apparently, the watchdog never did fully.

"Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security," said Wyden.

"Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies."

The Secure American Communications Act is the third proposal has Wyden presented so far in a bid to beef up the security of US communications networks.

China US flags cropped — While Salt Typhoon hackers reportedly targeted at least 8 American telecommunication networks, the Chinese cyber-espionage campaign seems to be a lot bigger as 'dozens' of countries may be affected. (Image credit: Medium)

As per Wyden's latest proposal, US telecoms will need to implement specific cybersecurity requirements to prevent external interceptions, while conducting both internal and independent evaluations on their systems every year.

In the meantime, new cybersecurity practices come into force, and the FBI and Cybersecurity and Infrastructure Security Agency (CISA) have shared security recommendations for both customers and enterprises.

According to experts, US citizens should secure all their communications with encryption. This technology is used by the likes of WhatsApp, Signal, or secure email like Proton Mail, to scramble data into an unreadable form to prevent third-party access – ensuring communications remain private.

FBI officials also suggest keeping your smartphone up-to-date and enabling two-factor authentication whenever possible to protect your accounts against phishing attacks.

If you're looking to secure your enterprise network, CISA's security tips to stay protected are a must-read.

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com