Don't Use SMS for Confidential Communication

G00111720

Analyst(s):

  Free preview of Gartner research

Summary

A mobile phone operator dismissed two workers for providing copies of a user's Short Message Service (SMS) messages to a friend. The case shows why enterprises should not send private messages via SMS.

News Analysis

Event

On 19 November 2002, Philip Nourse, a university student in England, was sentenced to five months in prison for obtaining personal data, performing unauthorized modification of a computer program and harassment. Among other activities, he posted highly personal information to his ex-girlfriend's Web space on the "Friends Reunited" site, and persuaded two friends at the mobile phone operator mmO2 to send him copies of her SMS communications. mmO2 dismissed the two employees.

Analysis

This event highlights two important points for anyone using consumer technologies such as SMS for business purposes:

  • SMS is not a secure environment.

  • Breaching security often occurs more easily by concentrating on people rather than technology.

The contents of SMS messages are known to the network operator's systems and personnel. Therefore, SMS is not an appropriate technology for secure communications. Most users do not realize how easy it may be to intercept. Also, in this case, it would likely have been relatively complex to hack into mmO2's systems from an external source to obtain the content of SMS messages. But finding staff privileged to look at the SMS messages and persuading them to reveal the contents proved easier.

This incident illustrates the reservations Gartner has already expressed about security in U.K. trials of SMS voting in local elections held in May 2002. We advise European enterprises, including governments, to issue immediate guidelines that staff should not use SMS for any confidential communication. Enterprises seeking secure communication channels to mobile employees should consider encrypted e-mail channels such as those provided by virtual private networks or devices, such as the BlackBerry by Research in Motion, which have additional security features. To minimize the likelihood of future interceptions, mobile operators should also review their procedures that allow staff access to the texts of SMS message.

Analytical Source: Nick Jones, Gartner Research

Recommended Reading and Related Research

(You may need to sign in or be a Gartner client to access all of this content.)

© 2002 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartners research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Not a Gartner Client?

Want more research like this?
Learn the benefits of becoming a Gartner client.

Contact us online

  Research

More  

  Webinars

More  

Why Gartner

Gartner delivers the technology-related insight you need to make the right decisions, every day.

Find out more