How Secure is SMS anyway?

Saeed Paksima
New member
Username: Paksima

Post Number: 1
Registered: 07-2004
Posted on Wednesday, July 21, 2004 - 08:37 am:   

From my experience, there's no way someone can eavesdrop or get your SMS message on the way except at the SMSC point, so apart from the SMSC there's no need to worry about privacy or message security. Now, can you confirm this? Secondly, how can we assure that the SMS messages are secure enough even at the SMSC, say by encoding them?
Generally speaking, is there a way that you can fake another phone number as the sender? I mean, how secure is peer-to-peer SMSing?
Can you point me to some good docs online about SMS security?

TIA

Bryce Norwood - NowSMS Support
Board Administrator
Username: Bryce

Post Number: 3191
Registered: 10-2002
Posted on Friday, July 30, 2004 - 11:19 pm:   

Well, quite some time ago, I posted some information here:

http://support.nowsms.com/discus/messages/132/260.html

There is a very interesting story there about how a jealous boyfriend got 2 employees of O2 in the UK to intercept text messages sent by his girlfriend's phone in order to catch her cheating on him.

Operators have taken steps to secure their SMSCs with physical security procedures, and limiting access to a small group of employees. In general, I think things have improved since that particular story came out. But you can't always guard against operator employees doing the wrong thing.

Also, law enforcement authorities generally have the right to request SMS logs from the operator. Oftentimes these logs show only the binary encoding of messages, but they can be easily enough deciphered.

So in all, it depends on how strict your security requirements are. There's no way to encode the message end to end unless you run specialised client software on the phones (which is an interesting idea).

As for faking a sender phone number ... that can usually be done quite easily. Many SMS service providers will allow you to specify any phone number as a message sender.
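
The point in the reply above about logs that show "only the binary encoding", as an added example that is not part of the original thread: the packed GSM 7-bit user data of a message is reversible with no key, so it gives no confidentiality to anyone who can read the log. It assumes a log entry holds the hex user data plus the septet count (TP-UDL); the function names and the sample message are constructed for illustration.

```python
# Added illustration: GSM 7-bit default alphabet (3GPP TS 23.038), basic table
# only; the extension table reached via ESC (0x1B) is not expanded here.
GSM7_BASIC = (
    "@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ"
    " !\"#¤%&'()*+,-./0123456789:;<=>?"
    "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§"
    "¿abcdefghijklmnopqrstuvwxyzäöñüà"
)

def pack_text(text: str) -> bytes:
    """Pack characters into octets the way a handset does (7 bits each, LSB first)."""
    acc, bits, out = 0, 0, bytearray()
    for ch in text:
        acc |= GSM7_BASIC.index(ch) << bits
        bits += 7
        while bits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            bits -= 8
    if bits:
        out.append(acc & 0xFF)  # final partial octet, zero padded
    return bytes(out)

def unpack_septets(data: bytes, count: int) -> list:
    """Recover `count` 7-bit values from packed octets; no secret is involved."""
    septets, acc, bits = [], 0, 0
    for octet in data:
        acc |= octet << bits
        bits += 8
        while bits >= 7 and len(septets) < count:
            septets.append(acc & 0x7F)
            acc >>= 7
            bits -= 7
    if len(septets) != count:
        raise ValueError("user data shorter than declared septet count")
    return septets

def decode_logged_message(hex_user_data: str, septet_count: int) -> str:
    """Turn a logged hex user-data field back into readable text."""
    septets = unpack_septets(bytes.fromhex(hex_user_data), septet_count)
    return "".join(GSM7_BASIC[s] for s in septets)

if __name__ == "__main__":
    # Constructed sample: what a log line's user-data field could look like.
    sample = "PIN is 4921, call me"
    logged = pack_text(sample).hex().upper()
    print(logged, "->", decode_logged_message(logged, len(sample)))
```

Anything that must stay private from whoever can read such a log has to be encrypted by software on the phones before it is handed to the network, which is the end-to-end option the reply mentions.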