[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] How secure are your text messages?
From: InfoSec News <alerts () infosecnews ! org>
Date: 2008-01-28 8:16:48
Message-ID: Pine.LNX.4.61.0801280216360.13451 () conundrum ! infosecnews ! org
[Download RAW message or body]
http://www.freep.com/apps/pbcs.dll/article?AID=/20080124/BLOG01/80124038/1002/BUSINESS
By Mike Wendland
Free Press Technology Columnist
January 24, 2008
The scandal over the thousands of text messages between Detroit Mayor
Kwame Kilpatrick and chief of staff Christine Beatty has a lot of people
wondering just how private their own messages are.
For most people, the answer is ...don't worry.
Just as cell phone calls are not recorded, neither are text messages.
Regular text messages sent through regular cell phones are not kept in
any central repository. When you zap them from your phone they are, in
almost all instances, forever zapped. There is no federal law requiring
that they be stored or kept by the cell phone provider.
Text messaging is what the wireless companies call SMS for Short Message
Service. It has become almost as popular as cell phone voice
communications, with as many as 20 billion text messages being sent each
month in the United States alone. Typically, text messages are 140
characters or less, sent via the data networks of the wireless providers
from one device to another.
In the mayor's case, the reason his messages have been exposed is
because of the specialized service the city has contracted with to
handle wireless communications between city officials. Although the
scandal is already being dubbed BlackBerrygate by wags, the gizmo the
mayor and Beatty used to communicate wasn't a BlackBerry at all.
It was a SkyWriter, and although it looks a lot like a BlackBerry, it's
a dedicated messaging device provided to the city by SkyTel, a
Mississippi-based wireless company that specializes in providing paging
and messaging services to large corporations and governmental bodies
through its own wireless network and devices.
"Every message sent over the SkyTel network ... is recorded, including:
Date and time the message was sent... 'From' address... 'To' address...
Length of the message..Entire message content up to 2,000 characters ,"
notes the company on its Web site in an article about the "benefits of
message archiving."
For major corporations and governments, the automatic archiving of such
messages is important, where legal requirements mandate the storage of
all business- or government-related communications. But tell the mayor
that's a benefit today.
The irony of the scandal is that if the mayor had used a regular
cellphone and text messaging service from Verizon, AT&T or Sprint, there
would be no record as those messages are simply passed through to the
connected devices by the wireless companies and not stored on any master
server anywhere.
"We do keep them for about two weeks," says Mark Elliott, a spokesman
for Sprint. "But that's just to make sure they get sent if the
customer's phone is turned off or out of the network. After that, even
if not retrieved, they're gone. We don't store them. We have no record
of them. That's standard practice in the industry."
A spokesman for AT&T, Howard Riefs, said the company keeps next messages
for no more than 72 hours. After that, he said, "the text message is
removed from our system and cannot be accessed or retrieved."
Verizon Wireless issued a statement this afternoon saying it only keeps
text messages "a very short time" before erasing them.
But the mayor used SkyTel, a system that stores the messages.
And by using the city-paid private messaging services from SkyTel for
his very personal communications, the mayor left a trail that the Free
Press uncovered. When you use a city-owned device on a taxpayer-paid
communications system to plot your dalliances, there is no such thing as
privacy.
All this, of course, raises questions for all of us about the privacy of
text messages. And it focuses interest on an issue many parents have
raised, namely, how can they monitor the text messages being sent and
received by their children.
In general, text messages are pretty private. Once they're deleted on
the phone, they're gone. If the messages are saved on a memory card on
the phone, they can be recovered, even after being deleted, though the
recovery is expensive and requires specialized firms.
There is company called Radar, that, for $9.95 a month, sells a service
that parents can subscribe to that passes messages and e-mail sent or
received by their child's cell phone through a Web site that parents can
check. Parents set up approved lists of people their children can
communicate with and be notified if non-approved people try to contact
them.
They can even retrieve full text messages. The system works by
downloading special software into the cellphone. A spokesman for the
comany said the system works with most of the cell phone models now on
the market.
While text messages are not kept by the wireless companies for long,
those who send e-mail via their mobile phones shouldn't think cell phone
e-mail is similarly e-vaporized. That's because e-mail sent by phone is
processed the same way as computer e-mail, through servers which store
and archive the messages in electroic databases.
While e-mail may be deleted from a computer or cell phone memory, it can
usually be retrieved from the central server and... if required by
subpoena... turned over as legal evidence in court cases.
All this concern over privacy and messaging just underscores something
most of us heard from our mom: Don't say (or write) anything you don't
want other people to find out.
___________________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic