In the months leading up to the US elections in November 2024, a China-based cyberespionage group known as Salt Typhoon began to make headlines. The group waged attacks against a number of high-profile political targets, including then-presidential candidate Donald Trump and his running mate, Senator JD Vance, along with individuals affiliated with Democratic candidate Vice President Kamala Harris. The attacks have a wide range of troubling implications, highlighting significant risks to personal privacy, communications services, and national security.
In this post, we’ll examine why the Salt Typhoon attacks are so significant from a mobile security perspective, and we’ll outline why proactive mobile security defenses like those of Quokka are now so essential.
What is Salt Typhoon and Why Should You Care?
First identified back in 2019, Salt Typhoon has been waging a range of attacks for years. What’s perhaps most disturbing about these most recent revelations is that, through these hacks, attackers were able to effectively tap the wireless voice and data transmissions sent between mobile devices and backend telecommunications infrastructure. In the process, critical services and infrastructure at many high-profile telecommunications firms were compromised, and the metadata of more than one million individuals was exposed. Specifically, Salt Typhoon actors stole extensive amounts of metadata and infiltrated systems handling court-authorized wiretaps.
The Cybersecurity and Infrastructure Security Agency (CISA) and other government agencies also issued warnings that Salt Typhoon and other China-affiliated groups have already infiltrated the IT environments of numerous critical infrastructure providers, including organizations in communications, energy, transportation, and water sectors. These breaches are believed to be part of a larger campaign to enable China to wage cyberattacks on critical US infrastructure in the event of a conflict or major crisis.
In response to these threats, the US Treasury Department has imposed sanctions on individuals and entities associated with China’s Ministry of State Security, aiming to deter further malicious cyber activities.
How Salt Typhoon Exposes Weaknesses in Mobile Security
Fundamentally, these cyberespionage campaigns underscore a shocking reality: Our mobile security is woefully underprepared for threats of this magnitude.
Salt Typhoon primarily targeted U.S. telecommunications providers, exploiting known vulnerabilities in network devices such as routers and switches. The group has also regularly exploited a known vulnerability in Microsoft Exchange servers. In spite of a patch for this vulnerability having been published in 2021, one report found that 91% of these systems remain unpatched.
However, Salt Typhoon has also shown that it has the sophisticated capabilities to exploit previously unknown, “zero-day” vulnerabilities as well. The bottom line is that we as consumers and security professionals have no choice but to assume the wireless networks we use in our personal and professional lives are compromised. For years now, security professionals have been warning employees about the risks of using unprotected Wi-Fi networks in cafes, libraries, transit hubs, and other public places. Salt Typhoon’s recent campaigns reveal these same risks are now a reality any time we use our mobile devices on cellular networks.
Beyond the Wi-Fi and cellular networks they connect to, mobile devices themselves will continue to be a target for hackers. Mobile devices now store or access a wealth of personal and sensitive information, and we use them constantly. Additionally, many users don’t take mobile security as seriously as computer security and don’t realize how dangerous their typical usage can be. For example, users often don’t consider that a link sent to them in a social media message could be a phishing link, or that the app they just downloaded from the app store could actually contain malware. Because of the wealth of information available on or accessed by mobile devices, they’ll continue to be targeted by malicious actors.
For these reasons, it is now clear that securing data, including call and text metadata, is essential. By infiltrating telecom networks and our communications infrastructure, Salt Typhoon’s teams gained access to the sensitive information of millions of people. This demonstrates how they were able to exploit vulnerabilities in mobile applications, particularly those lacking proper encryption.
Why Mobile App Security Is the Next Frontier
For too many organizations, mobile apps and devices represent the Achilles heel in their security posture. While mobile devices are now used for virtually all types of sensitive communications and transactions, the security safeguards around these devices and apps are lacking.
For example, when we’re browsing on our laptops, we’ve been trained to look for the padlock icon when accessing a website. The problem is that there’s no equivalent mechanism for all the mobile apps we use. As users, we have no way of knowing whether the app vendor is encrypting data transmissions, or even whether they’re employing security measures of any kind. Nor can we easily tell if an app is intentionally or unintentionally sharing or otherwise misusing our data. Pretty much any app that can access device functionality or data can potentially transmit unencrypted data and expose sensitive assets.
Cyber espionage groups like Salt Typhoon, not to mention cyber criminals and other malicious threat actors, are well aware of these vulnerabilities—and constantly looking to exploit them to pursue their objectives. It is for these reasons that mobile app security now represents the key focus area for many business and technology leaders.
Recommendations for Establishing Enhanced, Proactive Mobile Security
The Salt Typhoon story made clear that the reactive security measures that had been employed in years past have failed. Any time sensitive mobile apps, data, and transmissions aren’t encrypted and secured, they’re vulnerable.
To establish effective safeguards, today’s government agencies and enterprises must establish end-to-end mobile protection. It is only through the implementation of proactive security measures that teams will establish persistent safeguards and be ready for the evolving threats that will arise in the future.
The Salt Typhoon attacks highlight the necessity for the following robust mobile security measures:
- Regular patching. As a starting point, it is critically important to ensure all network devices and applications installed on-device are updated promptly to mitigate known vulnerabilities.
- Encryption. Given the repeated vulnerability of networks and infrastructure, encryption represents an essential line of defense. Implement end-to-end encryption for mobile apps and data transmissions to prevent unauthorized access.
- Access controls. Security teams must strengthen authentication mechanisms, such as multi-factor authentication and device attestation, to protect against unauthorized access and risk.
- Continuous monitoring. It is vital to deploy advanced monitoring tools to detect and analyze mobile apps so organizations can respond to suspicious behaviors in real time.
Quokka Can Help
Risks posed by cyber attackers like Salt Typhoon aren’t going away. Mobile devices and apps remain a highly prized target—and a vulnerable one. The good news is that Quokka is uniquely equipped to help.
Our Contextual Mobile Security Intelligence identifies malicious behaviors, colluding apps, privacy risks, and compliance gaps—providing precise, actionable insights to reduce risk and protect your organization. Our solutions can be installed on-device or agentless, providing smarter security, seamlessly integrated. To truly scale app testing, you need to integrate where it matters most—at the heart of the user’s device. That’s the only way to effectively test every app, every interaction, and every potential security gap at scale. Quokka secures the entire mobile ecosystem with these solutions:
- Q-scout. With behavior-driven detection, Q-scout identifies hidden threats, streamlines app vetting, and enables swift action to secure your mobile ecosystem—regardless of the operating system (OS).
- Q-mast. Q-mast integrates security into the app development lifecycle, conducting comprehensive testing to eliminate vulnerabilities and ensure secure apps are delivered on day one.
With Quokka, you’re equipped to tackle today’s challenges and stay ahead of tomorrow’s threats. Contact us today to learn more or schedule a demo.