Are Text Messages Encrypted? The simple answer is No.
Some mobile providers claim their service is encrypted, but in reality you are still left unprotected.
In this article, I will explain:
That text messages are NOT encrypted or protected
Mobile Carrier Encryption and why it doesn’t protect text messages
What you can do to protect your text messages
Q&A - commonly asked questions:
Are text messages private?
Which is more secure Text Messages or Email?
Are iPhone text messages encrypted?
Is it safe to text my Social Security Number?
Encryption and Text Messages
Alright, let’s answer this question once and for all. No, your text messages are not encrypted.
Text Messages move through a carrier’s network through various stages:
- Phone to cell tower
- Cell tower to mobile provider (often via unencrypted microwave link)
- Provider processes and stores SMS in database
- The message is sent in reverse order to recipient, again unencrypted.
If text messages are encrypted at all, they are only encrypted from your phone to the cell phone tower. But many mobile carriers do not enable that encryption.
But my mobile carrier says they use encryption?
That encryption is built into the GSM or CDMA standard. SMS encryption for mobile communication ONLY encrypts to the cell phone tower. After your text message is received at your local cell phone tower, it is decrypted, then sent to the mobile carrier’s database and stored unencrypted and vulnerable. Additionally, several articles have shown that hackers can collect and crack this encrypted transmission with a computer graphics card. Armed with this knowledge, try calling up your mobile provider and asking "Are text messages encrypted?"
What else should I know about Text Message Security?
Your mobile provider is required to keep cell phone text message records that includes meta data of who you texted. Edward Snowden leaked information about NSA’s collection of this data. So while you're asking "Are Tex Messages Encrypted", you should also be asking what meta data they are keeping about your text messages.
How Can I protect my Text Messages?
Simple answer, you need to use a secure messaging app. If you need help finding one, check out my other article, Best Secure Messaging App: Which one is right for you?
Other Questions and Answers
Are Text Messages Private?
Well, it depends on what you mean by private. Are mobile carriers posting customers’ text messages on their Twitter accounts? Not that I have ever seen. However, by my definition, No, Text Messages are not private. When they are transmitted and stored unencrypted, mobile carrier employees, governments, and hackers are able to access your text messages. If your asking this along with Are Text Messages Encrypted, it shows that you're ahead of the game in that encryption doesn't always mean privacy.
I only consider a message private when it has been encrypted end-to-end between me and the intended recipient.
Which is more secure Text Messages or Email?
There is a bit more nuance here, but I am going to say Text Messages are less safe than email, but that’s not saying much. Here’s why:
- The standard for email today is to be encrypted from your email client to the server
- Most email servers STILL send email to each other over unencrypted SMTP
- Most emails are stored unencrypted on the server, just like SMS
- End-to-End encryption is available for email via SMIME and GPG
Emails are safer than text messages, but that doesn't mean their totally safe.
Want to know more about encrypted email? Check out: What Do You Mean My Email Isn’t ENCRYPTED?
Are iPhone Text Messages Encrypted?
You may have heard that iMessage on iPhones or iPads will encrypt your text messages. The secure text messages iPhone creates actually uses iMessage servers and avoids your mobile carrier’s SMS service all together. There are a few catches however,
- The other user MUST have an iPhone, iPad or Apple device. (Sorry Android Users)
- If your phone doesn’t have a data connection when sending, it reverts to unencrypted SMS
Is it safe to text a social security number?
No, it is not safe to send a social security number over text message. Absolutely not.. A person’s Social Security number is considered Personally Identifiable Information (PII),and by regulation PII, including social security numbers, are required to be encrypted while:
- Transmitted over the internet or other medium (text messages)
- Stored at rest on servers, laptops, in the cloud etc.
Bottom line, don’t send social security numbers over text messages.
Looking for a Secure Messaging Solution?
RokaCom was designed from the ground up to protect your information. It is encrypted End-to-End, and even our staff can’t see your messages and images or listen to your calls. Even if compelled by a subpoena, all we can do is turn over encrypted data, due to the encryption keys being only on your device.
If you would like to know more:
About Patrick Stump
The CEO and founder of Roka Com, Patrick has been a key player in both offensive cyber intrusion and security operations with multiple branches and agencies of the United States Government (USG), the military, and commercial industry.
Connect with Patrick on LinkedIn