Cybersecurity experts have urged Britons to stop texting – following a grave warning from the FBI to Americans about sending text messages between Androids and iPhones.
The US government’s intelligence agency says SMS exchanges between iPhones and Android smartphones are leaving people vulnerable to Chinese hackers.
Instead, the FBI advises using messaging apps like WhatsApp, Telegram and Signal, which have end-to-end encryption.
End-to-end encryption ensures only the two participants of a chat can read messages, and no-one in between – not even the company that owns the service.
Speaking to MailOnline, Jake Moore, security advisor at ESET, advised that Britons should also heed the FBI’s advice.
He explained that SMS messages can be ‘intercepted with specialist knowledge and tools’, which makes them vulnerable.
‘When messages are sent between Android and iPhone they are forced across the SMS network which is not encrypted,’ he told MailOnline.
‘Encrypted messaging services are far more protected and offer product and security.’
SMS messages can be sent between any two mobile devices and are transmitted over mobile networks – but experts warn that this can be unsafe
Instead of SMS, Mr Moore recommends Signal, a privacy-focused app similar to WhatsApp that allows encrypted one-to-one or group messages and video calls.
‘Privacy focused messaging platforms are the most secure and Signal ticks all the right boxes,’ Mr Moore added.
Dr Luca Arnaboldi, professor of cybersecurity at the University of Birmingham’s school of computer science, agrees that encrypted apps like WhatsApp are ‘more secure’ than SMS.
However, intercepting SMS messages and reading users’ conversations is ‘very difficult’ and ‘requires specialized equipment’, he added.
For that reason, the likelihood of a Brit having their SMS messages intercepted by hackers is ‘very low’, according to the academic.
‘Lots of messaging apps, such as WhatsApp, encrypt all messages, no matter what the phone operating system is,’ Dr Arnaboldi told MailOnline.
‘So it could be considered more secure, as even in the event of interceptions they would not be able to be read [your messages].’
Android phones use Google Messages for sending and receiving messages, while iPhones use iMessage – but both have end-to-end encryption too.
Android phones use Google Messages (left) for sending and receiving SMS messages, while iPhones use iMessage (right)
It should be fine for an iPhone user to send a message to another iPhone user if they are both using iMessage (file photo)
Therefore, it is low-risk for an Android user to send a message to another Android user if they’re both using Google Messages.
Similarly, it should be safe for an iPhone user to send an message to another iPhone user if they are both using iMessage.
The problem arises when messages are sent between one Android and one iPhone, because they are forced across the SMS network which is not encrypted.
‘So the only issue in the very unlikely scenario were a message is intercepted, is that it could be read in Android to iPhone (and conversely),’ Professor Arnaboldi added.
The overall message for Brits – and phone users in general – is to switch to end-to-end encrypted apps like WhatsApp and Signal that can be used for text messages, voice calls and video calls.
John Kingston, senior lecturer in cyber security at Nottingham Trent University, called SMS messaging ‘an old technology’ and ‘therefore vulnerable in more ways than one’.
SMS, or ‘short message service’, has been available since the 80s but hit its heyday around the turn of millennium.
The US government has for years been trying to convince Americans to stop sending SMS messages – a move unsurprisingly backed by tech firms such as Meta that offer end-to-end encrypted messaging apps.
Signal is a privacy-focused app similar to WhatsApp that allows encrypted one-to-one or group messages and video calls (file photo)
In the US, TV adverts and billboards have given warning such as: ‘If your personal texts aren’t end-to-end encrypted, it’s not private.’
End-to-end encryption is not without its controversies, however – children’s charities have criticized it for making it harder to detect criminal activity such as pedophilia.
SMS is typically transmitted over mobile or ‘cellular’ networks – the vast equipment that enable wireless communication between mobile devices – but it’s a misconception that SMS messages are inherently insecure.
Researchers at mSpy say it can be simply a case of installing monitoring software on the target device, which could be done remotely by sending dodgy messages containing links to malware.
Muhammad Ajmal Azad, senior lecturer in cybersecurity at Birmingham City University, said SMS messages have ‘some shortcoming which might affect security and privacy of users’.
‘SMS messages could be intercepted or read by anyone such as hackers or even your mobile carrier,’ he told MailOnline.
‘Messaging apps like WhatsApp operates over the IP (internet protocol) network which is different from mobile communication systems.’
He said SMS messages are often stored in the computers of a telecom carrier, whether it’s Verizon, AT&T or T-Mobile, which can be easily accessible by the third party in-case of data breaches.
Meta, owner of WhatsApp and other social apps, touts end-to-end encryption as the only way to keep personal messages well and truly safe. Pictured, advertising at Piccadilly Circus, London
This cyberespionage campaign targeting SMS messages sent in the US has linked with an ongoing cyberespionage campaign blamed by the US government on China, dubbed ‘Salt Typhoon’.
The warning came from a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency.
‘Our suggestion, what we have told folks internally, is not new here: encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication,’ Greene told NBC News.
Despite months of investigation, the true scale of the operation, including total number of victims or whether the hackers still have some access to information, is currently unknown. However, China has rejected accusations from US officials that it engages in cyberespionage directed against Americans.
On Tuesday, a spokesperson for China’s embassy in Washington called the US allegations ‘disinformation’,
China’s government ‘firmly opposes and combats all kinds of cyber attacks,’ spokesperson Liu Pengyu wrote in a statement emailed to The Associated Press.
‘The US needs to stop its own cyberattacks against other countries and refrain from using cyber security to smear and slander China.’
Luke Stevenson, cybersecurity manager at Redcentric, said the collective recently targeted President Trump in the earlier stages of the US election campaign.
‘From the information we have so far, it seems to be about gathering ‘secrets’ to provide China with an information advantage over the US,’ he told MailOnline.
Luke Dash, CEO of ISMS.online, said: ‘While the FBI’s warning is focused on vulnerabilities in US networks, British consumers should also take note.
‘Text messages sent via SMS – the standard texting format on most phones – are not as secure as we might think.
‘They can be intercepted because they don’t use end-to-end encryption, leaving messages vulnerable to potential eavesdropping.’
Sachin Bhatt, technical director at CyXcel, added that it is ‘highly likely’ similar compromises of UK networks have occurred.
‘The UK is a member of the Five Eyes intelligence-gathering alliance (that also includes the US, Canada, Australia and New Zealand),’ he told MailOnline.
‘If Chinese hackers have developed such a technical exploit, they will want to target all these players.’
