ARCHIVE
ID Number: FT-18-9298



This research is provided for historical perspective;
portions of this document may not reflect current conditions.





Don't Use SMS for Confidential Communication
26 November 2002
 
Nick Jones  

A mobile phone operator dismissed two workers for providing copies of a user's Short Message Service (SMS) messages to a friend. The case shows why enterprises should not send private messages via SMS.











Contact Gartner






Download Document:

PDF
dont_use_sms_fo...pdf (84.9KB)

Help with Downloads



News Analysis

Event

On 19 November 2002, Philip Nourse, a university student in England, was sentenced to five months in prison for obtaining personal data, performing unauthorized modification of a computer program and harassment. Among other activities, he posted highly personal information to his ex-girlfriend's Web space on the "Friends Reunited" site, and persuaded two friends at the mobile phone operator mmO2 to send him copies of her SMS communications. mmO2 dismissed the two employees.

Return to Top

Analysis

This event highlights two important points for anyone using consumer technologies such as SMS for business purposes:

  • SMS is not a secure environment.
  • Breaching security often occurs more easily by concentrating on people rather than technology.

The contents of SMS messages are known to the network operator's systems and personnel. Therefore, SMS is not an appropriate technology for secure communications. Most users do not realize how easy it may be to intercept. Also, in this case, it would likely have been relatively complex to hack into mmO2's systems from an external source to obtain the content of SMS messages. But finding staff privileged to look at the SMS messages and persuading them to reveal the contents proved easier.

This incident illustrates the reservations Gartner has already expressed about security in U.K. trials of SMS voting in local elections held in May 2002. We advise European enterprises, including governments, to issue immediate guidelines that staff should not use SMS for any confidential communication. Enterprises seeking secure communication channels to mobile employees should consider encrypted e-mail channels such as those provided by virtual private networks or devices, such as the BlackBerry by Research in Motion, which have additional security features. To minimize the likelihood of future interceptions, mobile operators should also review their procedures that allow staff access to the texts of SMS message.

Analytical Source: Nick Jones, Gartner Research

Recommended Reading and Related Research

(You may need to sign in or be a Gartner client to access all of this content.)

Return to Top



© 2002 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The conclusions, projections and recommendations represent Gartner's initial analysis. As a result, our positions are subject to refinements or major changes as Gartner analysts gather more information and perform further analysis. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.




Resource Id: 379178