If you didn’t know how easy it was for hackers to grab information off of your smartphone before, you should now.
The Intercept reported earlier this week that the National Security Agency (NSA) and the British equivalent spy agency GCHQ had allegedly hacked into and stole information from millions of SIM cards produced by the Dutch company Gemalto. This may have given both agencies access to phone communications around the world and should serve as a warning to all that we need to protect our smartphones.
The good news is that the technology already exists to protect your text and phone messaging data. “Encrypted text messaging and phone systems are so easy to protect that we all have an obligation to secure ourselves,” American Civil Liberties Union senior policy analyst Chirs Soghoian told TechCrunch over the phone.
Soghoian believes it would be irresponsible to tell people the government might be hacking into their private information and then not give them the tools to protect themselves. So he hopped on the phone with me to go through some of the free tools we already have at our fingertips to protect our private information.
Apple doesn’t market iMessage or FaceTime this way, but according to Soghoian, both are very secure means of sending information. “FaceTime is portrayed as a tool to talk to your kids at night before they go to bed, but it’s actually pretty secure for audio and video use,” he says. The other Apple product Soghoian recommends is iMessage. “Apple encrypts the iPhone to iPhone messaging to the point where it can’t un-encrypt the data. So even if the government wanted that information and demanded it from Apple, Apple doesn’t have it,” he says.
Apple supported Soghoian’s recommendations and confirmed with TechCrunch that it has built-in privacy and security measures on both FaceTime and iMessage, but also iCloud data.
Soghoian recommended WhatsApp as an alternative secure texting platform for those with Android phones, but said the same security measures did not exist on WhatsApp for iPhones (we have reached out to but not confirmed this with WhatsApp). “[WhatsApp] isn’t perfect, but it’s about 90 percent there,” he says.
The senior policy analyst wasn’t very positive on most of the other technology tools out there, but Signal was an app that stood out for him. This is an open-source, secure text messaging system that was developed on tax payer dollars and built on the Open Whisper Systems, the same system that was used for the Android app technology behind WhatsApp.
Signal, also known as TextSecure on Android, is a free app and one of the few that works across platforms. It is also, in Soghoian’s opinion, easy to navigate and the most secure. When Signal is used with an app called RedPhone it can also encrypt your phone calls from end-to-end. RedPhone works the same way with TextSecure.
But even with greater encryption, nothing is 100 percent secure. “If someone wants to target you, be it the NSA or your boyfriend they can hack into your device,” Soghoian says.
The idea isn’t to rely on one app to encrypt all data and call it good, but to know the risks, not put things on any device you don’t want getting out somehow, and to make it a lot harder for hackers to get your information. For Soghoian, the point is to make it too difficult for the government to hack into the wide swath of readily available information of innocent civilians and instead focus its energy on the bad guys.
“These tools aren’t bullet proof but they are a million times more secure than what the phone company offers,” Soghoian says.