There's No Such Thing As A Secure SMS

March 10, 2020

Most of us rapid-fire text messages every day without a second thought. In fact, the average person sends 67 SMS (Short Message Service) texts a day, with 6 billion sent daily in the U.S. alone. Would any of us ever imagine that every one of those texts is up for grabs for any bad actor to see? That’s the issue for those of us sending SMS texts to family, co-workers, friends, and more. As technology marches on, security experts are sounding the alarm for those who use SMS texting, saying that it’s now considered a dated technology that’s unable to provide the security assurance we need. More and more users are texting with messaging apps like Snapchat and WhatsApp because the messages are encrypted, offering a whole other level of security that SMS texts can’t.

The very first SMS text was sent in 1992, but when it comes to technology, 27 years is an eon’s worth of innovation. SMS is still one of the most widely used text messaging services today. The other component of text messaging is MMS (Multimedia Messaging Service). The simple difference is that SMS messages are text only, while MMS involves sending a visual file such as a .gif or .jpg. Either way, know that your personal, private or professional SMS messaging can be intercepted.

SMS messages are vulnerable because they are sent to recipients in a multi-step process. A message first goes to a cell tower and then to an SMS center (SMSC). The SMSC then resends the message to the cell tower nearest to the recipient and then to their smartphone. That’s a lot of traveling, and each step along the way is vulnerable to compromise.

Enter the OTT (over-the-top) messaging apps. Aside from sending encrypted messages that can’t be deciphered until they reach the recipient, OTT apps use internet protocols (IP) rather than cellular networks. That means messages are sent through an internet connection like WiFi and are not bouncing off cell towers in a multi-step process. The direct connection over the internet uses end-to-end encryption in a single-step process, something SMS can’t do.

The term OTT initially referred to services that went “over” the heads of cable providers, specifically streaming services. OTT has since been applied to many other products and services that, when released, are way “over” the existing technology.

While you consider a change to an encrypted messaging app, there are steps you can take to ensure your SMS messages are more secure. Apply the same caution with SMS messages you would to a suspicious email. Carefully inspect the source and phone number of the sender. If you don’t recognize them, don’t respond, just delete. Never take other actions the message may ask for, like following a link or opening an attachment, as malware travels in texts the way it does in emails. If curiosity gets the better of you, such as with a text from your bank that requests your log-in information, contact the sender directly with a support phone number you know is legitimate. Only then can you determine if the request is for real. Always think twice before sending sensitive information in a text, and then don’t do it.