Your Text Messages Are Not Safe

Do you trust Verizon? How about AT&T? T Mobile? Every time you communicate with your family, friends, and coworkers via SMS text messages, someone could monitor and record what you say. Your text messages aren’t safe.

To begin with, mobile phone carriers have no control over the text messages sent over their network.

Did you know that?

A company named Syniverse handles practically all the text messages sent in the USA.

Guess what? For at least five years, hackers have had access to the national SMS infrastructure.

Syniverse, a company that routes hundreds of billions of text messages every year for hundreds of carriers including Verizon, T-Mobile, and AT&T, revealed to government regulators that a hacker gained unauthorized access to its databases for five years.

Jon Brodkin via ARS Technica

Your Text Messages Are Not Safe

Have you ever heard of Syniverse? Probably not.

Did your mobile phone service provider tell you about Syniverse? Probably not.

You don’t know who handles your communications

Without telling you, Verizon, T-Mobile, and AT&T have willingly routed their customer’s communications via a third-party provider that failed to follow proper online security procedures.

For its part, Syniverse refuses to cooperate with the news of their negligence:

Syniverse hasn’t revealed whether text messages were exposed.

https://arstechnica.com/information-technology/2021/10/company-that-routes-sms-for-all-major-us-carriers-was-hacked-for-five-years/

Who the heck is Syniverse?

Syniverse is a telecommunications company based in the United States. It was founded in 1987 as a GTE business unit called GTE Telecommunications Services Inc. The company’s global headquarters are in Tampa, Florida, and it has regional headquarters in Costa Rica, Argentina, Dubai, Luxembourg and Hong Kong.

Wikipedia

According to the Syniverse website,

Syniverse’s secure, global network reaches billions of people and devices. We empower businesses to transform how they connect and engage with customers.

https://www.syniverse.com/

Information published by ARS Technica and other publications reveals that Syniverse does not operate a secure network.

A Massive Cyberincident

Here’s a third party’s view of the Syniverse disaster:

Syniverse has access to the communication of hundreds of millions, if not billions, of people around the world. A five-year breach of one of Syniverse’s main systems is a global privacy disaster…

Karsten Nohl, a security researcher

Cellular providers knew

Did your cellular provider tell you that their third-party service provider was compromised by hackers for at least five years?

No.

Your mobile service provider did not tell you about the Syniverse problem. They didn’t even tell you about Syniverse!

The truth came out in the form of a report filed with the SEC, not with you, their customer.

As is standard with SEC filings, the document discusses risk factors for investors, in this case including the security-related risk factors demonstrated by the Syniverse database hack.

ARS Technica

Syniverse Won’t Cooperate. According to the ARS Technica article, “Syniverse declined to answer our specific questions about whether text messages were exposed and about the impact on the major US carriers.”

Syniverse “Responds

Rather than answer questions, the shadowy company referred the publication to the SEC document that revealed the disturbing news.

Syniverse said that its “investigation revealed that the unauthorized access began in May 2016” and “that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (‘EDT’) environment was compromised for approximately 235 of its customers.”

ARS Technica

Vice’s “Motherboard” attempted to learn more about the 5+ year ongoing hack:

Syniverse repeatedly declined to answer specific questions from Motherboard about the scale of the breach and what specific data was affected, but according to a person who works at a telephone carrier, whoever hacked Syniverse could have had access to metadata such as length and cost, caller and receiver’s numbers, the location of the parties in the call, as well as the content of SMS text messages.

Lorenzo Franceschi-Bicchierai via Motherboard (Vice)

You can read the Motherboard article to learn more about Syniverse and their prolonged data breach.

How should you respond?

Do you think that any court of law will hold AT+T, Verizon, T-Mobile or Syniverse accountable for their negligence?

Don’t count on it.

Now that you know that hackers have unrestricted access to your text messages, you should take steps to protect yourself.

Use discretion

Never send any confidential information via SMS. This includes:

  • Any information that incriminates you or someone else.
  • Trade secrets.
  • Customer information.
  • Personally identifiable information such as birthdays, addresses, social security numbers, pet names, etc.

Use Signal

American hero, Edward Snowden, revealed to the world the extent of the U.S. Government’s intrusion into your privacy.

In January 2021, we reported that Snowden credits the use of the Signal app for his survival.

Signal is a cross-platform centralized encrypted instant messaging service developed by the non-profit Signal Technology Foundation and Signal Messenger LLC. Users can send one-to-one and group messages, which can include files, voice notes, images and videos.

Wikipedia

Signal can substantially increase the safety of your instant messaging communications. It’s available for Android and Apple mobile devices as well as Windows, Linus and MacOS desktops.

Learn more by visiting the Signal App website.

Learn More from Simple Online Security

Corporations and governments won’t keep your personal communications safe.

Check out the below resources published right here at simpleonlinesecurity.com to improve your online security.