Why SMS Text Messages Aren’t Private or Secure
SMS text messages are neither safe nor private since end-to-end encryption is not supported by SMS. Only you and the intended receiver will be able to view a message’s contents thanks to end-to-end encryption.
You could believe that using traditional text messaging instead of Facebook Messenger will assist to secure your privacy. Standard SMS text messages, however, lack both privacy and security. SMS is similar to fax in that it is an antiquated standard that will not die.
Your SMS messages are visible to your mobile carrier
Your SMS messages are not end-to-end encrypted when you send them. The contents of communications you send and receive are visible to your cellular service provider. Because such communications are saved on your cellular carrier’s networks, your cellular provider has access to them rather than a tech business like Facebook.
The contents of the communications are kept on file by cellular operators for varying lengths of time. Messages are frequently only kept for a few days, while information (such as which number sent a message to which number and when) is kept for much longer. These documents may be called upon as evidence in court; for instance, text message logs are frequently used as proof in divorce proceedings.
When compared to Signal or another end-to-end encrypted messaging service, this. Your messages’ content is not stored by Signal. Signal is completely unaware of your conversation partner. Only your device and the device of the person you’re talking to save the chat data.
Leaving that aside, should you confide your discussions to your mobile provider? In fact, it was discovered that AT&T, Sprint, and T-Mobile were all selling consumer location data to aggregators back in 2019. Everyone utilised it, including unscrupulous bounty hunters and bail bond agents. (The cell phone providers vowed to halt when this was publicised in the news.)
Criminals Have the Ability to Intercept
But security uses SMS texts, right? There must be a reason why text messaging is used by every bank and financial organisation to confirm your identification.
Yes, there is a cause, I suppose. However, security is not the cause of that. Everyone just has a phone number. SMS confirmation requirements increase security a little bit. SMS isn’t especially secure, but at least it prevents an attacker from simply putting in your password; they must also intercept an SMS message.
SMS transmissions can be tapped. The Signaling System No. 7 (SS7) protocol links mobile phone networks all around the world together. This is how your phone may establish a connection to a cellular network so that you can place and receive calls even if you’re in a different nation across the globe.
Authorities are able to monitor SMS messages
Stingrays are tools that effectively mimic a cell tower that are available to governments all over the world. These fool your phone into connecting to them when they’re put close to where you are physically (as your phone would connect to a normal cellular tower). In the same way that your cellular provider can, the stingray device can then follow your whereabouts and view your SMS text messages.
SMS messages can also be included in broader surveillance systems in addition to local monitoring. The NSA reportedly collected more than 200 million text messages every day from all around the world at the time, according to papers that Edward Snowden made public back in 2014.
It is obvious why encrypted communication applications like Signal and Telegram are particularly well-liked among activists living under repressive regimes given that other nations’ intelligence services also have access to stingrays and SMS surveillance capabilities. Iran forbids the use of Telegram and Signal, for instance.
Your Phone Number Can Be Stolen Easily
Beyond SMS, the security of phone numbers is actually pretty weak—at the carrier level. A con artist can imitate you by calling your mobile provider or entering a business. The con artist may be able to take possession of your phone number if they have adequate information and are skilled at deceiving the customer support agents of your carrier. They could request that your phone number be “ported out” to another cellular carrier, exactly like you would if you changed carriers. A new SIM card linked to your phone number might also be issued by the carrier, and your old SIM card could be deactivated to prevent access to your phone number.
By using additional PINs and security mechanisms offered by your cellular company, you may frequently secure your phone number. Find out what security safeguards your cell phone company provides to guard against port-out frauds.
There have been enough instances of this to warrant warnings from the FCC and Better Business Bureau about this fraud.
The Summary of the SMS Issues
Let’s quickly review SMS’s drawbacks before contrasting it with a safe, end-to-end encrypted messaging tool like Signal.
- Your cellular provider has access to the information in the communications you send and receive. Any records gathered may be called into court as evidence.
- Due to flaws in the dated technology that underpins SMS communications, hackers are able to intercept them. Accounts, whether financial and otherwise, are put in danger.
- Stingrays can be used by authorities to monitor text messages in a certain region.
- Scammers may attempt to get your mobile phone number by deceiving the customer care representatives of your cellular operator.
- Your messages’ contents are hidden from your cellular provider. Your communication content and who you are contacting are kept private, even from Signal. These data are not gathered by Signal. Signal can nearly never provide any information regarding your service usage if required to do so by demand.
- Hackers can’t possibly take over signal messages. They would have to undermine the Signal encryption system, which is highly regarded by security professionals. (SS7, on the other hand, has frequently been breached.)
- Your chats cannot be heard by stingrays. Without access to a phone containing the communications, authorities are unable to eavesdrop on the content of Signal messages. They can only observe encrypted communication going to and from Signal’s servers.