Search
  • Mark Hodgkinson

SMS - Not Private or Secure!

SMS - not private or secure - an old standard which refuses to go away.


SMS does not have end to end encryption so the cellular provider you use can see the contents of your texts with no difficulty. Those messages are stored on their systems for varying amounts of time - and themetadata (phone number you sent to for example) is kept for even longer periods. Text messaging for instance is a common form of evidence in divorce cases.


Compared to the encrypted data of Whatsapp or Signal - where Signal doesn't have the contents of your communication and they don't even know who you're talking too.


So should you trust your mobile provider with your conversations? - well back in 2019 many were shown to be selling customer location data to aggregators. Used by everyone from bondsmen to bounty hunters in the States - after reported - it was promised to stop?


Criminal Interception - it's often the case that SMS is used to verify your identity but this is really because EVERYONE has a phone number and requiring confirmation by SMS is an extra layer of security. Unfortunately they can be intercepted and mobile phone networks around the world are connected to each other by the Signaling System protocol - that's how your phone works when you're in another country.


It's a protocol repeatedly attacked by hackers but using text messages in this way is better than nothing basically.


Stingray(s) - devices which other countries intelligence services have access to include SMS monitoring technology so that's why Signal and Telegram and banned under oppressive regimes.


Phone numbers themselves have very poor security at the operator level. Often scammers can gain control of your number even porting your number our to another carrier as if you were switching mobile phone provider - defeating 2 factor authentication. This is called a "Port Out Scam" or "Sim Swap" attack. Always wise to add extra PINS and security features with your phone provider.


Is Imessage the same then. This relies on both people using the same 'new' standard and it differs between Android and Iphone. Here the service piggy backs on SMS in a sense and any text is end to end encrypted - look always for the blue bubbles! You won't get that benefit when texting to an Android device from an iphone though.


Will SMS be fixed - well frankly NO - it''s outdated technology not built with security in mind - in fact it was de-engineered by government intervention to stop it being so! If Apple would agree to makre RCS compatible with iMessage in some way we'd fix the problem over-night and all modern smartphones would have secure messaging :->


For now it really is best to avoid txt messages if you're concerned about privacy or the security of your systems and accounts.


26 views0 comments