The 30th birthday of SMS, short for Short Message Service, is a good occasion to discuss the IT security of SMS messages. Compared to other communication methods such as instant messaging apps, SMS is less secure. One reason for this is that the protocol used for SMS, called SS7 (Signaling System 7), is susceptible to hacking attacks.
SS7 is a telecommunications protocol used by most mobile providers worldwide to enable the transmission of SMS messages. However, it is not very secure and can easily be exploited by hackers to gain access to SMS messages. A well-known example of this is the so-called “SMS phishing” attack, in which hackers send a text message to a mobile phone that appears to come from a trusted source. If the recipient clicks on the link in the message, they are redirected to a fake website where they are prompted to enter their personal information. In this way, hackers can gain access to sensitive data.
Another weakness of SMS is its lack of support for multi-factor authentication (MFA). MFA increases the security of online accounts by requiring users to enter not only their username and password, but also an additional factor such as a security code sent via SMS to their mobile phone. While this method is better than using a single password, it is still vulnerable to SMS phishing attacks.
In terms of IT security, SMS is therefore not great. Users should always be cautious when receiving SMS messages, particularly those that contain links or ask for personal information. It is also advisable to use other, more secure communication methods such as instant messaging apps that offer better support for MFA.
[Update 2022-12-11]: A clarification to the article can be found at ChatGPT.
[Update 2023-02-26]: In the meantime, I have written an article on the topic myself: No more SMS on Twitter for MFA.