Security of SMS communication

SMS messaging has a distinct and specific place in the world of mobile communication. It is far less intrusive than a voice call, and often used for exchange of information that must not be contorted – like someone's phone number, place and time of a meeting etc. Many users are used to SMS messaging so much that they prefer it to voice calls.

It is important to realize the fact that SMS messaging – though attractive – introduces security problems for both parties of communication, especially if it is used for exchange of sensitive information, which should not be available to third parties. Let us review some of the risks.

1. Easy interception

Short texts like SMS messages can be intercepted (wiretapped) very easily. Costs of wiretaps are lower than in voice communication. For an operator, it is easy to scan all SMS going through their network for keywords, which is often really done.
Scanning need not be done with consent of the operator. Devices for GSM wiretap can be bought on black market for tens of thousands of euro, which is affordable price for many corporations and people, including private detectives etc.

2. Compromise of text due to users' error

SMS is more persistent than a call. A person entering the room 30 seconds after you have finished a call, can hardly learn anything. On the other hand, if you forget to delete an incoming or outgoing SMS, it will be present in your phone until you delete it finally. Now, if you leave your phone for a few minutes, anyone can look into your SMS list and read the secrets.
This, of course, also concerns situations when your phone is stolen.

3. Long lifetime

SMS are very small in size, and therefore can be stored easily. Currently, when a gigabyte of storage capacity costs less than $1, the possibility of long-term archivation is clear. Some countries already have law requiring storage of SMS for several years; if this spreads on, some people could have access to a long history of your SMS communication.

4. Side channels

For someone interested in your communication, even the contact list in your phone can be interesting. This does not mean only jealous partners searching for suspicions entries; the criminals are sometimes known to check contact lists for interesting names and other details.

5. Danger of message modification

SMS message, going through operator's network in plaintext, can be not only intercepted, but also modified. For example, identity of the sender can be altered, or the text changed. One can never be sure, whether a normal SMS has been received in the same form as it has been sent, and who is the real author. The network acts as a blackbox to both parties of communication.

From the above list it is clear that relying upon standard SMS service is dangerous in case of sensitive data. Users of the network can therefore choose from two possibilities: either use SMS only for exchange of unimportant data, or protect their SMS in some extra way.

Next chapter:Principles of SMS protection