Editor's note: This is an excerpt from the book, “COMSEC: Off-the-Grid Communications Strategies for Privacy Enthusiasts, Journalists, Politicians, Crooks, and the Average Joe.”


Cellular telephone calls and SMS messages are both insecure and non-private. Your calls are accessible to the CSP. The content of all your SMS text messages is fully saved and recorded by your CSP. In addition to the content, all of the metadata about these transactions is recorded and stored, as well. This creates a privacy nightmare that is just waiting to happen.

All it takes to verify this is a quick look at your cellular phone bill. The bill will show a long list of incoming and outgoing calls, incoming or outgoing SMS messages, and in some cases even the city where your phone was located at the time of the event. All of this metadata about your calls and texts, and the content of your texts, is stored for a minimum of five years. This information is consistently abused by CSPs who monetize it.

Verizon: On the counts of collecting and monetizing metadata and failing to provide meaningful protection to calls and messages, Verizon Wireless is perhaps the worst offender of the top-tier CSPs. Verizon sells your location data. While encrypting your calls is standard industry practice, Verizon fails to do so. We don’t mean to imply that any of the major cellular providers are much better; we only mean to point out that Verizon is particularly notorious in this regard.

Government Access: Because your cellular calls are either encrypted poorly or not at all, their content is available to governments. Governments may access the content of your calls and SMS through the application of legal pressure. Governments may also access your calls without the complicity of the CSP through the use of a cell site simulator. A cell site simulator is an electronic device that puts out a very strong signal that your phone will recognize as a cell tower. If you are within its range and your phone assesses its signal to be the strongest signal available, your phone will connect to the simulator.

Once your device is connected to the cell site simulator, all of your traffic will flow through the simulator, where it is collected. Your only defense against this type of attack is to use strong encryption. Though we are not anti-law enforcement, we do recognize that these types of devices are frequently used without warrants, and they frequently capture the conversations of people other than the intended target. Neither of us is a criminal, nor do we condone criminal activity, but neither of us wants to be swept up as “incidental collection”.

SS7 Vulnerability: Modern cellular carriers utilize a routing protocol known as Signaling System 7 (SS7). This protocol was designed in the mid-1970s and allows carriers to exchange information with each other. This information is used to pass calls and messages between carriers, and to keep track of billing and usage. It is also used to verify roaming plans before devices are allowed to access other networks. Unfortunately, this protocol has some major systemic vulnerabilities.

Hackers are sometimes able to break into the SS7 system. This provides capabilities similar to those of government actors. Hackers can forward calls and texts silently so that your device will give no indication of an incoming call. This could be used to deny you service, ascertain with whom you are communicating, or capture two-factor authentication tokens sent via phone call or text. Hackers can also view text messages sent via standard SMS between devices and track your location through the exact same protocols that CSPs and government actors do.