If you’re looking for the best way to leave sensitive information and conversations exposed outside of publicly posting it on the internet, then sending all of it over a short message service (SMS) is the right move for you. Standard SMS messaging is a capability that’s built on ancient technology with little regard for security and privacy. Everything you send over SMS is visible easily to anyone, including phone carriers, governments, and hackers.
So, if you’re dealing with valuable or sensitive information, the only acceptable way to send it via message is by using encryption software for your mobile phone.
- There are several ways you can ditch SMS for a more secure messaging experience, such as iMessage, Android Message, and third-party secure messaging applications.
- SS7 is the system that SMS is built on and works through, the problem is that this system was created in the 1970s and has absolutely zero protections whatsoever despite the fact that experts have been ringing the alarm bells for years.
- If Apple or Google won’t deliver on promises of true privacy and secure encryption, there are plenty of third-party texting applications that’ll protect your conversations.
Table of Contents
How Do You Secure Your Text Messages?
There are several ways you can ditch SMS for a more secure messaging experience, such as iMessage, Android Message, and third-party secure messaging applications.
If you’re looking to secure your messages on your iPhone, the easiest way to do this is by turning on iMessage. iMessage creates an encrypted text thread that’s only readable by the sender and the recipient. There are only two issues with iMessage that you should be aware of:
- Only iPhone users can use iMessage:In typical Apple fashion, iMessage is a proprietary perk that’s only available to those who’ve bought into the iOS ecosystem. This means that if you’re an iPhone user and you send a message to anything other than another iMessage user, then it sends it as a standard SMS without all of the encryption protections.
- Apple can turn over your data to the government: I’m not going to assume your intentions, but if the government comes knocking on Apple’s door with a warrant for your iMessage data stored in iCloud, they can (and will) turn that information over along with the decryption key. So, do with that information what you will.
So, in terms of hackers, iMessage is quite secure. When it comes to the government or communicating with non-iPhone users, it falls short.
Android Message encryption is a relatively new feature that was introduced finally in 2021 and effectively duplicates the iMessage experience. However, Android Message has its share of issues as well:
- No encryption when sending to iPhones: Ahh, Apple with your pesky proprietary benefits. Despite the end-to-end encryption of Android Message, this encryption doesn’t work when sending texts to iPhones. But it looks like Google is trying to change that. We’ll have to see.
- Android Message encryption only works if all parties have it turned on: If both parties don’t turn on the encryption settings, then messages are sent using the standard SMS method. Encryption is like an agreement that both parties take part in. One side encrypts messages while the other decrypts them using different keys.
- Google gladly hands over your data to the government: Just like Apple, Google is just as willing to turn over data to the government and if the messages aren’t encrypted, they’ll just come up as regular old plaintext messages without the need for any decryption key.
- Android Message encryption doesn’t work with group texts: Even after all of these years, Google still hasn’t encrypted group texts when Apple has done it for years. Better keep your group texts squeaky clean since anyone can peek at them with little effort.
Android Message is clearly the worse option out of the two major mobile OS encrypted messengers. So, if Apple and Google aren’t up to your standards, where should you go?
Third-party Secure Messaging Applications
If Apple or Google won’t deliver on promises of true privacy and secure encryption, there are plenty of third-party texting applications that’ll protect your conversations. These applications provide end-to-end encryption of your messages, don’t use SS7, can send encrypted messages to all phones and mobile operating systems and, in many cases, don’t store any of your texting data encrypted or otherwise. This means that no one can intercept your communications and even if governments come knocking, these companies can’t provide any useful information to them.
If you’re looking for this kind of experience, then these are the apps for you:
These applications are so secure that some congressional members have insisted that something be done to weaken the encryption or create backdoors so that law enforcement can access them. That should tell you everything you need to know.
Can You Remove Encryption From Text Messages?
The only way you can realistically remove modern encryption is by using the decryption key. It’s theoretically possible to decrypt messages without a key, but the only method you can use is brute force, which means you try to decrypt a message using a computer to try every possible key combination until you get the right one. Sounds simple right? Not quite.
As I said, it’s theoretical, which means it has never been done before. AES-128 and AES-256 are the two most common encryption standards in use today (AES-256 is used by Signal, for instance). According to Ubiq, even if we threw the entire computing power of the Bitcoin network at this encryption, it would take 70,000,000,000,000,000,000,000,000 years for it just to crack AES-128. Even if we used the strongest quantum computer currently in existence, it would still take 200 times longer than the universe has existed to crack AES-128 and even longer for AES-256.
Hope those hackers and the FBI have their Netflix queues and popcorn all set up while waiting for that to break. So, you can rest assured knowing your data is secure while using an encrypted messaging application.
Why You Should Send Encrypted Text Messages?
- Spy Applications
- Mass Messaging Applications
- Signaling System No. 7 Interception
Anyone with the right application can send end-to-end encrypted text messages that can only be read by the sender and the recipient.
The truth is that SMS messaging is incredibly flawed and outdated when it comes to privacy and security. It’s nearly the equivalent of sending a fax over the phone without paper. There are several ways prying eyes can intercept with ease.
If someone wants to snoop on your phone, one way they might do it is through the use of spy applications. If someone with a good enough excuse and story asked to borrow your phone, such as to call a tow truck or contact a family member, what are the chances you would say “no”? The key to being a successful hacker is the ability to prey on our inherent trusting nature. Once an attacker has access to your phone, there’s a chance that they could install spy applications to your device to read your text messages as you receive them.
Unfortunately, encryption won’t help you in this instance. Encryption secures your text messages on their journey between you and the recipient to protect them from interception during that transaction. Once a message is received by your device and you open it, it’s decrypted, making it visible to spyware that’s installed on your device.
In this case, the best way to avoid these kinds of attacks is by monitoring your phone closely if you must lend it out for someone else to use. If that proves to be difficult, you can search through your device for some of the more popular spyware applications, including:
There are many spyware apps available. The best practice is to occasionally look through your applications for anything that looks suspicious or that you don’t remember downloading yourself.
Mass Messaging Applications
Sometimes, even innocent applications can be repurposed into an SMS intercepting tool. In one case, one hacker demonstrated for VICE News just how easy it’s to intercept messages without the victim even realizing it for the low price of $16:
“I hadn’t been SIM swapped, where hackers trick or bribe telecom employees to port a target’s phone number to their own SIM card. Instead, the hacker used a service by a company called Sakari, which helps businesses do SMS marketing and mass messaging, to reroute my messages to him.
“Unlike SIM jacking, where a victim loses cell service entirely, my phone seemed normal. Except I never received the messages intended for me, but he did.”
The problem with this type of attack is that it allows lateral movement to other services you use because once you know a target’s email and have access to their text messages, you’ve eliminated the barriers created by SMS-based two-factor authentication. All it takes is a simple “forgot password” and a confirmation code sent via SMS to change a password and access many different accounts. This is a huge security flaw and one that exploits the unsecured nature of SMS messaging. This same risk exists with the previously mentioned spyware applications. The only difference is that this kind of attack doesn’t require any physical contact with your phone. In this case, you might want to switch off SMS two-factor authentication and move to a more secure method.
Signaling System No. 7 Interception
This is the kind of stuff most people think of when they think of intercepting text messages. Instead of relying on spyware applications or mass messaging platforms, Signaling System No. 7 (SS7) interception is a bit more technical since it relies on equipment that has to be purchased on the black market.
SS7 is the system that SMS is built on and works through. The problem is that this system was created in the 1970s and has absolutely zero protections whatsoever despite the fact that experts have been ringing the alarm bells for years. SS7 traffic operates on simple commands that are impossible to distinguish between authentic and malicious. The system simply does whatever it’s told by anyone with access to it.
This means that an attacker with the right equipment can intercept SMS messages and store that data on a system of their choosing. It’s all data that is out there in the open and is ripe for the picking. The bottom line is standard SMS isn’t secure at all.
Does Your Security Need an Upgrade?
It takes more than an encrypted text messaging application to secure your business data and communications. Updates require a holistic process attention paid to all parts of your operation from upgrading your network security software, to implementing a new firewall or, in this case, changing the way you conduct business communications on mobile devices.
Whatever you’re looking to improve, Digital.com has countless guides, reviews, and best practice articles to help you secure your business the right way. Be sure to check back for regular updates to our content and new insights into the future of cybersecurity.