Chris Hoffman is Editor-in-Chief of How-To Geek. He"s composed about technology for over a decade and also was a PCWorld columnist for two years. Chris has written because that The new York Times, to be interviewed together a modern technology expert on TV stations choose Miami"s NBC 6, and had his work-related covered through news outlets like the BBC. Because 2011, Chris has actually written end 2,000 posts that have been read practically one billion times---and that"s just below at How-To Geek. Check out more...
You are watching: Can anyone read my text messages
Jan 21, 2021, 6:40 am EST| 7 min read
Your to move Carrier can See her SMS Messages
With SMS, messages you send space not end-to-end encrypted. Your cellular provider have the right to see the components of messages you send and also receive. Those messages are stored on her cellular provider’s systems—so, rather of a tech company like on facebook seeing your messages, her cellular provider have the right to see her messages.
Cellular carriers save the components of those messages for various amounts of time. Messages are regularly only retained for numerous days, but they save metadata (which number sent a post to i beg your pardon number, and at what time) for even longer. These records can be topic to subpoena in legit proceedings—for example, text article records are a common type of evidence in divorce cases.
Compare this come an end-to-end encrypted chat app like Signal. Signal doesn’t have actually the materials of your communications. Signal doesn’t even know who you’re talking to. Your conversation data is only stored top top your an equipment and the machine of the human being you’re talk to—that’s it.
That aside, have to you trust her cellular provider through your conversations? Well, earlier in 2019, AT&T, Sprint, and also T-Mobile were every revealed to be offering customer ar data come aggregators. It was used by everyone from bail bondsmen to rogue bounty hunters. (After this was reported in the news, the cellular carriers promised to stop.)
Do you want those providers to see all the materials of your personal conversations?
RELATED: Can Anyone yes, really Track mine Phone"s specific Location?
SMS Messages can Be Intercepted by Criminals
But SMS messages are offered for security, right? There’s a factor every bank and also financial institution counts on SMS message to verify your identity—right?
Well, yes, there is a reason. But that factor isn’t because of security. It’s simply that everyone has a phone call number. Requiring confirmation via SMS to add some added security. Also if SMS isn’t an especially secure, that at least ensures that an attacker has to intercept an SMS blog post in enhancement to typing in your password.
SMS messages deserve to be intercepted. Mobile phone call networks about the people are linked to each various other through the Signaling system No 7 (SS7) protocol. This is exactly how your phone call can connect to a to move network and make and also receive calls, even when you’re in an additional country top top the various other side of the world.
The SS7 system has been repeatedly struck by hackers who have actually snooped on SMS messages or intercepted them. This is specifically useful as soon as compromising financial institution accounts, for example—the attackers deserve to snoop ~ above the confirmation codes the are typically sent via SMS, usage them to access bank accounts, and drain them.
This is why security specialists have recommended versus using SMS because that two-factor authentication. An application that generates codes on your machine or a physics security key is much an ext bulletproof. (However, if SMS is the just option you have actually available, SMS is far better than nothing.)
SMS Messages can Be Monitored by Authorities
Governments approximately the human being have access to “stingrays,” tools that basically impersonate a to move tower. When placed near your physical location, this trick her phone into connecting come them (as her phone would attach to a common cellular tower). The stingray device can climate track her movements and see her SMS text messages—just favor your cellular carrier can.
Beyond neighborhood monitoring, SMS messages can also be brushed up up in bigger surveillance systems. Follow to papers released through Edward Snowden ago in 2014, the NSA was, at the time, collecting over 200 million text messages a work from approximately the globe.
Other countries’ knowledge services also have accessibility to stingrays and also SMS-monitoring technology, so it’s clean why encrypted interaction apps choose Signal and Telegram are particularly popular amongst activists living under repressive regimes. Because that example, Telegram and also Signal room banned in Iran.
RELATED: Signal vs. Telegram: i beg your pardon Is the finest Chat App?
Your phone Number Is Surprisingly basic to Hijack
Beyond SMS, phone call numbers actually have very poor security—at the transport level. A scammer can contact your cellular transport or get in a store and also impersonate you. If the scammer has sufficient details and also can trick your carrier’s customer organization representatives, they deserve to get manage over your phone number. Castle may have actually the transport “port out” her phone number come a different cellular carrier—just as you’d do if you to be switching to an additional cellular provider. Or, castle may have the carrier issue a brand-new SIM card tied to her phone number and also deactivate your existing sim card, removing accessibility to her phone number.
Now the attacker would have your phone number. With that, they can get accessibility to accounts protected by SMS-based two-factor authentication. For an individual scammer, tricking a customer organization person is simpler than hacking SS7, ~ all. This is dubbed a “port-out scam” or “SIM swapping attack.”
You can often defend your call number by adding extra PINs and also security functions with your cellular provider. Examine with her cellular provider to check out what security features they offer to protect against port-out scams.
This has happened to fairly a couple of people—enough the the FCC and far better Business Bureau have put the end advisories warning about this scam.
RELATED: Criminals have the right to Steal your Phone Number. Here"s just how to stop Them
iMessage and RCS: much better Than SMS?
The Messages app on iphone phone supports both SMS and Apple’s very own iMessage service. ~ above Android, an ext and much more Android phones are getting support for the more modern Rich interaction Services (RCS) standard. Both room designed to silently “upgrade” text post conversations to an ext modern, certain ones as soon as both world are using gadgets that support them. So how do they compare to SMS?
Apple’s iMessage piggy-backs on SMS in a sense, making use of phone numbers as identifiers. If both you and the human you desire to text have iPhones and also have enabled iMessage, any text girlfriend send will certainly be sent as an iMessage instead. These room end-to-end encrypted and also sent with Apple’s servers. You’ll know iMessage is being used since the messages will have blue bubbles. If girlfriend see eco-friendly bubbles instead, the Messages app is using SMS instead—because you’re messaging someone there is no iMessage, most likely a human being who is an Android user.
The RCS typical being propelled for Android users—think the it as the Google/Android equivalent to Apple’s iMessage—did not support end-to-end encryption as of January 2021. Together of November 2020, Google was working on including end-to-end encryption to RCS. That means, also with that fancy brand-new RCS mechanism on her Android phone, your cellular carrier can still view the contents of the message you send, as with with SMS.
The problems With SMS, Summarized
Let’s conveniently summarize the problems with SMS, and also compare it to a secure, end-to-end encrypted chat app like Signal.
With SMS:Your to move carrier deserve to see the materials of the messages you’re sending and receiving. Any accumulated records might be subpoenaed in legal proceedings.SMS messages have the right to be intercepted by hackers because of weaknesses in the rickety old protocol that powers them. This place financial and also other accounts at risk.Authorities have the right to deploy stingrays to snoop on the contents of message messages in one area.Scammers can shot to steal your cell call number by tricking your cellular provider’s customer business staff.
With Signal, because that example:Stingrays can’t check out your conversations. Authorities can’t snoop ~ above the content of Signal messages—not without acquiring their hand on a call that has them. Every they have the right to see is encrypted website traffic being sent back and forth to Signal’s servers.
What You have to Use Instead
We used Signal as the instance here as the comparison is therefore stark—Signal is the most widely recommended exclusive chat app, through always-on end-to-end encryption.
If you have an iPhone, interacting with iMessage is much an ext private and secure 보다 using level old SMS. Hopefully, Android users will one day have actually secure end-to-end encrypted messages constructed into their gadgets after improvements are made come RCS. Unfortunately, iMessage and also RCS aren’t compatible v each other, so iPhones and also Android phones will have actually to interact over SMS—or move to different chat apps that aren’t built-in.
Other chat apps are an option, too. Telegram is popular, although it doesn’t use end-to-end encryption by default. WhatsApp at least uses end-to-end encryption by default, unlike facebook Messenger—if you to trust a Facebook-operated conversation app. But even facebook Messenger is arguably much more secure 보다 SMS—you’re trusting Facebook with your messages, however at least you don’t have to worry around the difficulties in the ancient, creaky old SS7 protocol.
For two-factor security, it’s best to prevent SMS for really vital tasks. Unfortunately, some solutions will fall ago to SMS authentication anyway—for convenience. Over there are occasionally alternatives. For example, Google offers advanced Protection for journalists, activists, organization leaders, and politicians who need maximum defense for their accounts, and it needs the usage of a physical defense key. The said, SMS-based two-factor protection is still much better than nothing.
RELATED: What Is Signal, and also Why Is Everyone utilizing It?
The Future the SMS: will It ever before Be Fixed?
SMS is simply outdated technology. It plainly was not built with privacy and also security in mind, and also those style decisions room still v it today.
Hopefully, this will be addressed in the future. If RCS becomes an ext mature, benefit end-to-end encryption, and also is easily accessible in every Android phones—well, then all Apple would have to do is agree to make RCS compatible with iMessage in part way. Then all modern-day smartphones would have secure messaging the doesn’t rely on ancient protocols built-in.
See more: 94Th Birthday Gift For 94 Year Old Woman In 2021, 50 Top Gift Ideas For 90 Year Olds
For now, it’s finest to protect against text message if you’re concerned about your privacy or the protection of her accounts.
RELATED: Signal vs. Telegram: i beg your pardon Is the ideal Chat App?