Source
Many people will tell you that SMS is just as safe as email, but is this true? Are there any common SMS security issues that you should be aware of? Well, as a matter of fact, there are. Let’s take a look at them.
SMS Messages Are Not Encrypted
This is probably the biggest one of the common SMS security issues.
The SMS protocol does not allow for the encryption of SMS messages. This means that if somebody was snooping on a cellular network, there is always a chance that they could see your SMS messages.
Those SMS messages can also be read by your cellular network and the cellular networks that the message passes through. The chance of this happening is low since those networks will have some sort of system in place that prevents their messages from being read. However, there is always the chance.
This can pose a major security issue in some cases. This is because many people use SMS for their 2FA. If somebody intercepts that SMS, there is a chance that they may be able to log in to your private accounts. Again, the risk is minimal, but it doesn’t mean that the risk isn’t there.
SMS Messages Can Be Spoofed
Ok. We suppose that this is a security issue with most messaging systems. However, people expect there to be some spoofing via email. It is incredibly rare that they expect there to be some spoofing with SMS messages. However, it can happen.
People can make the sender’s number appear a little bit different. This means that if you aren’t careful, you may find that you have been phished. This is a common issue with SMS messages that would normally be sent by major corporations. You may find that the name/number of the company is fine. There will be a link, you click it, and then BOOM, your password has been stolen.
SIM Cards Can Be Hacked
SIM cards (that small chip that you put in your cellphone to connect to a network) can be hacked. They are a little bit more protected than they were in the past, but it can happen.
There is a vulnerability in SIM cards that can be impacted by something known as SIMJacker. This is a piece of software that can inject itself onto a phone. It can then take control of the SIM card and send SMS messages (and do other things) without the phone owner knowing. This piece of malware is initially delivered by SMS message.
Now, while the SIMJacker can do a lot of things with your phone, it has been known to track locations using SMS messages. This means that if you were ever infected with the SIMJacker malware, the act of sending text messages will tell somebody exactly where you are.
Sadly, it is unlikely that we will ever be able to completely beat this vulnerability. SIM cards do not work that way. There have been strides to beat this, and the number of hacking has gone down, but it is a real problem with SMS.
That’s why using a free SMS verification service will protect you from getting hacked.
Others Can Read Your SMS Messages If They Have Your Phone
This is a massive security issue, but one that can easily be prevented.
If somebody wanted to access your email address, they can’t. They would need your password.
If they want to access your SMS messages, they just need your phone. There are countless stories of people leaving their phones somewhere and somebody accessing their SMS messages.
This problem is actually worse than ever before, and you can thank 2FA for that. Some people have been known to grab people’s phones to look at the 2FA codes that they have received. From this information, they can get into accounts through password resets and the like.
Thankfully, this is a problem that can be alleviated pretty easily. For starters, try to avoid leaving your phone somewhere that somebody could pick it up. We know that this isn’t always possible, but do keep a watchful eye on your phone.
Secondly, have a password on your phone. Even a simple 4-digit number will keep the vast majority of people out. If you have an Android phone, then you can remote wipe your device if it is lost or stolen. Apple will have similar systems that can help to prevent your device from being stolen.
No password means that you have a pretty big chance of falling victim to this security issue. Plus, we doubt that you would really want to have people thumbing their way through all of the information that you have stored on your phone anyway, right?
SIM Swapping Attacks
If you have ever tried to change your cellular network, then you will know that you need to get a code from the old network to switch over. There is a vulnerability here.
Somebody could easily phone your cellular network and pretend to be you. In fact, this is a surprisingly common problem. Many people just say they have lost their phone and they get a new SIM and the old one is deactivated.
Once this happens, the person has easy access to the SMS messages that you receive. They don’t even need to come into contact with you to get them.
Of course, this does have other issues than just SMS. However, the fact that your SMS can easily be intercepted with nothing more than a bit of ‘sweet talk’ from another person isn’t great.
With email, this isn’t going to happen. Nobody is going to be able to get a new password issued for your email account just by asking nicely.
Thankfully, this issue is less than it was in the past. This is because many companies now have safeguards to prevent it due to how prevalent it once was.
Conclusion
There are plenty of security issues with SMS, as this list of common SMS security issues may tell you. However, it is still a safe technology, provided you take some precautions.
