Welcome to the first posts of the communication privacy guide. This is our analysis of why SMS are dangerous.
We all use messaging services, like SMS, WhatsApp, iMessage, Google Hangouts and Facebook Messenger at work or for private conversations. It is a very convenient way to communicate and aside from internet costs, it is completely free. Unfortunately, popular services are highly compromised when it comes to privacy. There are much better options. In this post, we will focus on SMS, short message service.
For many people, instant messengers have replaced the traditional SMS (short message service). We appreciate that development, because SMS are one of the worst ways to communicate if you value your privacy. On top of that, they are not free and you have to pay for every individual message you send.
Not being free is by far not the only issue with SMS. Let us start with the first reason why SMS are dangerous: Encryption is optional for the communication protocol of SMS and most providers do not care about your privacy. They either do not encrypt SMS or use a weak and broken stream cipher.
In the case of SMS, that cipher is often A5/1 or A5/2. A5/1 and A5/2 have been cracked a long time ago. Therefore, the SMS encryption is useless, since it is easily decrypted without a key by hackers or law enforcement. As stated above, most SMS are sent entirely unencrypted anyway. Unlike with other messaging services, you often cannot activate it manually and your provider decides whether the messages are encrypted or not.
For us, the lack of encryption is enough to advise our readers to never use SMS, but 3.5 billion people do it on a regular basis.
There is another major problem with this popular service: SMS often pass through multiple different cellular networks on their way to the destination. The message can therefore be intercepted at any of the networks it is sent over. Before reaching the receiver, SMS are transferred to an intermediate station and kept there, but we do not know for how long. That is the reason why the data transfer used for SMS is called store-and-forward. Because of the store-and-forward feature, the messages can potentially be intercepted at a later point too and not just while you send them. That is an important difference to wire-tapping.
SMS interception is done by extracting the data saved in the memory of the intermediate station. The intermediate station for SMS is the Short Message Service Center (SMSC). It handles message switching and storage for the service.
The next problems is that SMS are stored on your phone in an insecure way. Should an adversary get access to you phone, they will be able to read the text of your messages, due to the lack of encryption.
In our article on “Government Hackers are a Threat to Society”, we have talked about the disgusting “Federal Trojan Horses” German authorities use. As it turns out, the weaknesses of SMS are also abused by the German intelligence agency “Federal Office for the Protection of the Constitution” (“Verfassungsschutz” in German). They send a type of SMS called “silent SMS” or “stealth ping” (Short Message Type 0).
This message will not show up on your phone and does not trigger a notification signal when received. While you do not notice them, the silent SMS makes your phone ping back to a cellular base station (cell tower). That ping sends your location data and things like the subscriber identification (IMSI) back to the intelligence agency.
If they send silent SMS frequently, they can create a detailed movement profile of you, with surgical precision. In 2010 alone, this German authority sent almost half a million silent SMS, which is enough to track thousands of people.
A common technique used by the FBI and Police is setting up IMSI-catchers. Those are also called “Fake Cell Towers” or “Stingrays” and the FBI eavesdrops on your mobile communication by sending your phone signal over their systems.
A security-related reason why SMS are dangerous is that the short message service can be manipulated directly. That is done through SMS spoofing, which means that address information is changed for a message. The result is that you will receive a message from a number (person) you know, but the sender is actually the attacker.
The intermediate station is actually supposed to check the integrity of a message, but that check is very unreliable. Even though SMS are very simple data packets, they are vulnerable to SMS Trojans. SMS Trojans are manipulated apps, mostly on Android. Those apps will ask you for permission to access messages when you install them and become dangerous if you give them the permissions.
Most people allow this without thinking about it. After that, the malware has access to your phone’s SMS functions. The attacker can then send messages in your name. This is commonly used for fraud, but the app could also send hundreds of premium SMS, so that you have to pay the cost for that to the attacker. There have been cases where the telecom company itself was affiliated with the attacker.
We hope that we could make it clear to you why SMS are dangerous and that using SMS is not a good idea. If you value your privacy, we advise you to stay away from this service. As a defence against silent SMS, we recommend the open-source Android app SnoopSnitch. It monitors mobile radio data (F-Droid, Play Store, GitHub). That does not prevent silent SMS, but at least lets you know that you are being tracked.
To close this chapter, the is at least one good thing: You can use the app Silence to send encrypted SMS. It is independent from your telecom provider. This app is a fork of TextSecure, the predecessor of Signal Messenger. TextSecure was discontinued and the Signal developers excluded the SMS encryption from Signal, since no one uses SMS anymore. You can get Silence on F-Droid and the Google Play Store.