James Arnold, Chief Digital Officer, Rooster Strategic Solutions
You’ve probably seen the new WhatsApp commercial, the one with the carrier pigeons. Set to Parliament’s “Can You Get to That,” the spot shows people inside a mail shipping center, confused by the employee’s use of the pigeons to deliver their messages, which he says is less risky than sending unencrypted SMS texts.
This led me to wonder if my texts are secure, and if not, if I should be worried. The short answer? Not really. But probably not.
Truth is, all communications are vulnerable to a certain degree, and our e-mail and texts are more vulnerable than most. For instance, if you send a standard SMS/MMS text message via your cellular provider, that provider can not only see the contents of your messages, but they also store it in their systems. Inherently we understand that deleting an e-mail or a text doesn’t really make it go away, and that select companies, marketers, or government entities might someday dredge them up. It’s all part of the Terms of Agreement that we gladly click without reading.
But what really gets our blood pumping is the fear that cyber criminals can hack into our private messages to steal from us, lock down our devices until we ransom them back, or otherwise make our lives more complicated. This, for some reason, is far more frightening than the amount of information we willingly trade to companies to use their platforms. But is this threat a real one, and should it affect our decisions on which apps to use, as the WhatsApp commercial strongly suggests?
Yes, criminals can absolutely hack your texts and e-mails. And they can do this in any number of ways. The most common method is “smishing,” a text message that appears to be from a trustworthy source, asking you to take an action, such as clicking on a link, or liking a post. Once a user clicks, the browser hackers can exploit your mobile connection to gain access to the data on your device. The most frightening scenario would then involve the criminal installing spy apps on your phone, which can record keystrokes, monitor GPS locations, or tap the device’s microphone.
It’s also possible for criminals to snoop on your texts without first sending you a message to click on. One way is by installing malware at a public charging station. When you connect the free cable to your device, you open the door to your information. Another more complicated method is by attacking the network interchange that operates as a broker between mobile phone networks. Known as Signaling System No. 7, or SS7, this interchange exists to handle details such as number translation, billing, and other backend transactions that connect one network to another. By hacking into the SS7 system, criminals can track location, read sent/received texts, and listen in on phone calls simply by using the phone number as an identifier. Other hackers target iCloud or Google accounts, instead of the device. If you back up your information to the cloud, it’s at risk.
But they probably aren’t. Yes, the world is a dangerous place sometimes, and if you’re texting at a Starbucks there’s a chance that a hacker is getting ready to take over your phone. However, it’s more likely that you’ll get into an accident driving home from the coffee shop. Seriously, unless you’re an important politician, super rich, or an international spy, the chances of your texts getting hacked is pretty low.
Having said that, there are some simple, commonsense rules to help ensure safety. Most of these are fairly obvious. Use strong passwords. Don’t type anything you wouldn’t want overheard if it were a conversation. Turn off your cloud backups and delete message histories regularly. Keep your devices secure and take advantage of any security measures your device offers, such as passcodes, passwords, and facial/fingerprint recognition. And the carrier pigeon commercial is correct – using a third-party messaging application is more secure than standard SMS.
Sending digital messages is a way of life now, right up there with breathing and eating barbecue. Yes, sending these messages will always create a certain amount of risk, but for most of us, it’s a manageable risk. Knowing your privacy and security settings and using a little bit of common sense should be all the protection you need.