Course

How to Communicate Securely on Your Mobile Device

Training Code
Topic 4.0
Format
Document
Delivery
On Demand
Location type
Virtual/Online

Description

The Bottom Line

When you use your mobile device to send a text message, call a friend, or send an email, there are steps you can take to ensure that your communications are secure.

To prevent threat actors from accessing your communications, you should:

  1. Use a properly vetted secure messaging app with end-to-end encryption and Voice over Internet Protocol (VoIP) functionality for text messages and voice calls.
  2. Place sensitive information in an encrypted file attachment when you send emails.

You’ll learn what all of this means in the solution section!

Check out “The Problem below to learn more about why the texts, calls, and emails that you send and receive on your mobile device might not be secure … or skip straight to the “The Solution!

The Problem

Text messages and voice calls are vulnerable to interception by threat actors.

Check it out!

Most phones display what cellular network protocol you are using in the upper corner of your device. This can be misleading because even if your phone shows 5G, it can still be communicating across all the older generations, such as 2G or 3G, at the same time. Networks will do this to manage capacity in high-traffic areas, allowing users’ data to go across the faster protocol (i.e., 5G) and voice calls and SMS texts to go across the older protocols (e.g., 2G). Without the use of end-to-end encryption, your network security level may be inconsistent.

If you have a cell phone, you’ve likely heard of 2G, 3G, 4G, and 5G. These are generations of cellular communications protocols. With each successive generation, we’ve benefited from improvements in data speed and security. However, cellular protocols do not provide end-to-end encryption for text messages and voice calls, and you can’t guarantee that your phone is using the most secure protocol.

So, what does this mean for your security? You can’t be entirely sure that your text messages or voice calls are secure. The “Solution” section below provides alternate options for calling and messaging.

Important note: Apple iMessages provide end-to-end encryption, but only when you are communicating with other iOS users. Messages sent via Apple iMessages to non-iOS users are not encrypted, meaning that the contents of those conversations are still vulnerable to interception by a threat actor.

Email messages sent from your phone’s email app or browser may be intercepted by a threat actor.

In addition to your text messages and voice calls, the content of emails sent via your phone’s email app or browser are also vulnerable to interception. While many email service providers may use a form of encryption to protect data traveling across their own network system (e.g., an email sent from one Google account to another), they are unable to ensure its security once it is transmitted from their email service to a different email service provider (e.g., an email from a Google account sent to an Outlook account). The two services may employ encryption for data on their network, but they cannot guarantee the other service will provide the same level of security.

While it is possible to implement other forms of end-to-end encryption to ensure the privacy and security of your emails, the setup process is somewhat advanced. The “solution” section provides alternate suggestions for protecting the privacy and security of email messages if you are unable to implement end-to-end email encryption.

The Solution

Use a secure messaging app for texting and calling on your mobile device.

The best way to protect the privacy and security of your texts and voice calls is to use a secure messaging app. As discussed in Project Upskill Topic 1.4, it is important that you always vet potential apps and services before using them.

Here are some important security features you should look for in a messaging app:

  • End-to-end encryption – This prevents threat actors from accessing the contents of your communications.
  • VoIP – This allows you to make voice calls over the app using its security functions (as opposed to traditional cellular phone calls).
  • Multifactor Authentication (MFA) – This makes it more difficult for threat actors to gain unauthorized access to your secure messages.

Note: The people with whom you correspond will need to download and use the same messaging app.

You can also check out United States Special Operations Command (USSOCOM) Social Media Smart Cards for guidance on how to implement privacy and security features on a number of popular communication apps. If you use your device’s native messaging apps, reference the manufacturer’s guidance so that you know when your messages are (or are not) end-to-end encrypted:

Follow these best practices for sending data more securely over email:

  • Place any sensitive information in a document that can be encrypted with a strong password and attach the document to your email. Use a separate form of secure communication (other than email) to share the password with your intended recipient. For guidance on how to encrypt documents, check out Project Upskill Topic 3.1.
  • If you have to share large amounts of data, you may also want to consider using a cloud-based service that allows you to securely upload, download, and share documents with other users. For more information on these services, check out Project Upskill Topic 4.3.

Takeaways

Do

  • Use a secure messaging app with end-to-end encryption and VoIP functionality for messages and calls.
  • Vet your messaging app to ensure it meets your cybersecurity needs.
  • If you need to send sensitive information via email, place that information in an encrypted document and attach it to the email.

Do Not

  • If you have to use traditional voice calls and text messaging, do not share any sensitive data that could be misused by threat actors.

 

Project Upskill is a product of the Joint Cyber Defense Collaborative.

Prerequisites

  • Module 1: Basic Cybersecurity for Personal Computers and Mobile Devices
  • Module 2: Protecting Your Accounts from Compromise
  • Module 3: Protecting Data Stored on Your Devices
  • Module 4: Protecting Your Data in Transit