Monday, February 4, 2008

How secure are your SMS messages?

A recent scandal in Detroit caused Mike Wendland of the Detroit Free Press to look into how long the major cell companies keep text messages on their servers as part of an article on text messaging security. The responses are interesting:

  • Sprint retains messages for approximately two weeks to ensure delivery
  • AT&T keeps messages for 72 hours
  • Verizon did not provide a timeframe but noted that they keep the messages for a "very short time".
Text messages are still plaintext, and provide no real security - and can be kept on the receiving phone, but these numbers may help alleviate concerns of a history of your text messages being kept to haunt you.

None of these are spelled out in their contracts - so there is a place in the industry for an an MVNO to sell encrypted, secure phone-to-phone communication and secure, encrypted text messaging available to subscribers.

2 comments:

dre said...

http://www.cryptophone.de

David said...

Those are a reasonable solution dre, and they do take the responsibility away from your provider.

My hope is that privacy and confidentiality will feed a more universal, reasonably device agnostic approach - either via a Java implementation, or something else.