Who Reads Your Messages Without You Knowing?

By /
How to Read Someone's Text Messages Without Their Phone

We all send messages, a lot of us call them texts even though we might not be actually sending them via SMS. Not only do some of us send a lot of messages we now rely on them instead of phone calls, which might also not really be phone calls but you know what I mean.


SMS ("text") - least secure

The one we all started with, that we fall back to when nothing else works, the basic, the granddaddy of all messages. SMS / text is the one we know will get through when other fancy messaging systems may not, it covers the world.

It's also totally insecure. Your message is sent unencrypted. You message carries all it's metadata (who from, who to, date & time sent, where sent from) is unencrypted.

Think of text as sending a postcard in the post. Yes, it will get there but anyone and everyone can read it on the way, including it's address, stamp, and who from.

If you have set-up 2FA / multi-factor authentication - you absolutely should for your Google, AppleFacebook, Microsoft accounts, and everything you use - using SMS as the way to receive your one-off codes is NOT the best move. Use an authentication app which uses maths and time to create the one-off codes, it's the only way to go.

SMS doesn't do video calling but, using MMS, it can send images ... these are all on a postcard for all to read.

DM / PM via social media apps - almost secure

DM (Direct Message) and PM (Personal Message) aren't really messaging services but we do use them sometimes, in Instagram's use is almost mostly messaging and not sharing photos.

The security of these 'add-on' messaging system is totally down to the system you use, which is often not really what they're up for. Mastodon for instance allows 'private' posts but it's not encrypted and not something I'd ever recommend, same for BlueSky. I would place these types of messaging 'apps' as close to unencrypted, and somewhere close to RCS / iMessage.


NOTE: from now on I talk about "message" but this includes written messages, images/videos/attachments, and voice and video calling. If I say a message is encrypted I also mean your sent photo is encrypted, or your video call is encrypted.


RCS & iMessage - base security

iMessage for those that use Apple hardware is likely to be the way you send your messages. Between other Apple hardware users this will be encrypted as it leaves your iPhone, flows through Apple servers, to other Apple devices (end-to-end encryption). Messages are also encrypted on the Apple devices the message is delivered to.

BUT, Is Apple iMessage End-to-End Encrypted? It Depends:

... if you’re not using Advanced Data Protection, and you have iCloud Backup enabled on any device where you use iMessage, the key to decrypt your messages is included in the backup stored on Apple’s servers. Apple can read your backup; 

All of this encryption only applies to the message itself but NOT it's metadata (who from, who to, date & time sent, where sent from) which is all unencrypted. So Apple (and whoever demands access) may not know what you said but they can find out who you said it to, when, and from where.

Of course iMessage only works between other iMessage users and will drop down to text (see above) when chatting with non-iMessage people, which is the vast majority of the people in the world.

What Apple should support is RCS (Rich Communication Services) which would mean security would be retained. RCS is Google's answer to iMessage and all the other message apps out there. It's an open standard, like SMS, and so any telecom provider can use it ... whether yours does is for you to find out, but if not you can use Google's servers instead. 

The story is the same as Apple's iMessage, between other RCS users (Android devices tbf) this will be encrypted as it leaves your device, flows through Google servers, to other RCS users (end-to-end encryption). Messages are also encrypted on the Android devices the message is delivered to.

Again, encryption only applies to the message itself NOT it's metadata (who from, who to, date & time sent, where sent from) which is unencrypted. AND, RCS will drop back to text if it has to in order to send the message.

The only way any of this can get better is for Apple to support RCS in iMessage and then it won't drop down to the totally unencrypted SMS - Apple say they have, yay, and it seems to be coming but reluctantly and with a lot of hrumphing and NOT in NZ yet.

Facebook Messenger & WhatsApp - widely used base security

Let's talk the big ones, both owned by Meta.

Messenger was built by Meta and WhatsApp was bought. Both act similar to iMessage / RCS as above but are tied to 'that' social media company.

As for encryption both apps have rolled out end-to-end-encryption, so your message from you, via the Internet and Meta servers, on to the recipient(s) is encrypted. No, of course the metadata is NOT encrypted so Meta, and anyone that demands of them, can see who from, who to, date & time sent, where sent from, and the journey your message has taken.

Signal - full security

The absolute gold standard of encryption for messaging, Signal.

Interestingly you are very likely using Signal technologies even if you're not using the app as the Signal Protocol is the encryption tech, underneath RCS, Messenger, WhatsApp, and many other end-to-end encryption messaging services.

Message content is encrypted from you, via the transient Signal servers, to your recipients, this is almost standard for all the above and means the content can't be snatched and read.

Signal ALSO encrypts all the metadata, so who sent it (you), the recipients, when, how to go there, what profile information you may have, what groups it was sent in ... all that extra bumf is encrypted and never stored by Signal.

When Signal receives a subpoena it's an easy response from them, "We don't have anything to give you, sorry."

... say law enforcement goes to the headquarters of a company that produces pens. They bring a specific pen to the company, and they ask the company to tell them everything that’s ever been written with that specific pen. Of course the company would look at them like WTF. That’s not how pens work, we can’t tell you that! Everyone would get that, understand it, and let law enforcement go on their way.

[source: Why I, And You Should, Use Signal Messaging App and Back into the Trenches of the Crypto Wars]

----

More information:


To conclude, FBI document shows what data can be obtained from encrypted

Jan. 2021 FBI Infographic re Lawful Access to Secure Messaging Apps Data

Comments

Post a Comment

Popular articles

The Difference Between One Million And One Billion

Image
It feels like a billion is just a bit bigger than a million. Obviously it's bigger but it fits on the same scale as a million, surely. It doesn't. A billion is so so so much bigger than a million. I've trawled the internet finding graphics and videos that show the VAST difference between one million and one billion. Oh, and just to finish with a different misconception about space starting with the classic opening line from the great Douglas Adams and The Hitchhiker's Guide To The Galaxy : “Space is big. You just won't believe how vastly, hugely, mind-bogglingly big it is. I mean, you may think it's a long way down the road to the chemist's, but that's just peanuts to space.”

Gift A Safe Night

Image
Last month I collected a bunch of "Which Are You Today?" images for online meetings and during that I stumbled across a friend sharing  Gift A Safe Night with Women's Refuge, what a simple and helpful thing to do. A $20 Safe Night helps a woman and her children escape family violence. I've joined the Safe Night's Club by popping $20 to them every fortnight for someone to use in their moments of absolute scary needs. One night of safety at Women's Refuge for a woman and child costs just $20 and includes: A safe, clean bed Secure transport Hot meals Supportive staff 24/7 crisis line Helpful advice We all do what we can to help when we can - if you can afford $20 every fortnight / monthly, then I would strongly urge you to sign up and help Women's Refuge support women and children when the shit really hits the fan and they need support and safety.

"Right Wing" Comedians

Image
Too many people comfortably plump themselves into an army of one type or another . Surrounded by those that sound like you, listen to you intently whilst nodding, and echo your thoughts on why the fight is a good fight and that the other side are such bad terrible people. I used to be more like that than I am nowadays ... hmmmm, aren't we humans meant to become more conservative and reactionary as we age, strange Mike. These thoughts have me thinking of two UK comedians that have been tagged as "right wing", which is putting them into an army for the benefit of someone but, I suspect, not them. First up,  Simon Evans who makes me laugh when he's talking about his family, kids, and life in Brighton. He then hit my ears big time with: Simon Evans Goes to Market , has had six seasons, delighting audiences with his witty and insightful take on the comedically unpromising territory of economics, all of which prove among the most popular downloads on the Sounds App. On the...

W. C. Fields quotes

Image
The office has all been moved around - new desks (with starter handles to raise and lower them), new high(er) speed network and ... the same old work. At least I have a differing view of the world, my team (well, the team I'm a part of not "my" team) is a lot closer - finally - and it's like an office from the 80's ... or even a classroom. But I still have time to move the crap off the PC : ------ Any man who hates dogs and loves whiskey can't be all bad. Anyone who hates Dogs and Kids Can't be All Bad. Hey! Who took the cork off my lunch??! Who stole the cork from my breakfast? Now don't say you can't swear off drinking, it's easy. I've done it a thousand times. Horse sense is the thing a horse has which keeps it from betting on people. If at first you don't succeed, try, try, again. Then quit, no use being a damn fool about things. Madam, there's no such thing as a tough child - if you parboil them first for seven hours, they alwa...

Break The Chains And Be Your Own Person With RSS

Image
We like to think that information ("content") on the Web comes at us from every angle and at speeds that our poor brains just can't take, stooooppp, it's all too much. Nope, most people get small amounts of Web information in very limited ways, Facebook, YouTube, maybe Twitter (ick) or something more wholesome but similar like Bluesky or Mastodon. You'll likely also get messages (through something) with a link to something wonderful and glorious, but I'd say that's mostly it for the vast unwashed. You, are much better than those ignoramus though, and also visit the BBC, RNZ, Stuff, or some other old skool media website (or app, different but same). I applaud you, but what about all those other websites that you like the look of but forgot. You should be using an RSS reader ... yup! This conduit is anti-lock-in, it works for nearly the whole internet. It is surveillance-resistant, far more accessible than the web or any mobile app interface. It is my secre...

Curtains Of Water

Image
The wind was perfect to cause the Carter Fountain - did you know that was it's name - to create these fantastic 'curtains' of water.

Where Are The Boyles In The UK?

Image
Further to my Who Are The Boyles? post, this website is great to find out where your surname is in the UK. https://named.publicprofiler.org/

Regulatory Standards Bill: Submission Guidance & Assistance [Updated]

Image
*phew*, this is hard work. Unlike the Treaty Principles Bill which has a tonne of templates and publicly available submissions for you to copy/amend/submit, the Regulatory Standards Bill has very little out there. Update 14-Jan-2024: Did I Miss The Submission? (spoiler, no ) -------- Submission form:  https://consultation.regulation.govt.nz/rsb/have-your-say-on-regulatory-standards-bill/consultation/intro/ Email your submission to:  RSBconsultation@regulation.govt.nz More: Explanation & Submission [Updated] What Is A "Person" [Update 8-Jan-2024] Emily Writes (Jan 06, 2025) being awesome, OK fine, what submissions do I have to make FFS?! , "Don't worry - I got you. Here's everything you need in one place!" : Bill: The Regulatory Standards Bill Do it by: 13 January 2024. Why should I care? This bill is the twin to the Treaty Principles Bill. So much so that you can use your submission for that bill as the template to this one. It has been described as: Th...