Super-secure SMS service better protected than Tor

Companies could soon use texts to send private, personal information, after researchers discovered a way of making these messages more secure and untraceable than ever before.

Typically, SMS is used to send ‘lighter’ information, such as appointment reminders, delivery information or news on a certain product or service. However, the work of a team from the Massachusetts Institute of Technology (MIT) could mean texts will soon be the ideal way to send more sensitive information, such as banking information, password reminders or test results.

To create their super-secure text system, the MIT researchers teamed up with the Qatar Computing Research Institute (QCRI) to try and hack the notoriously secure Tor network. Eventually they managed to identify hidden servers with up to 88 per cent accuracy.

This was achieved by looking for patterns in the number of packets being passed through Torn nodes in each direction. Once these patterns were cracked, the team could identify in 99 per cent of cases whether a circuit was for a regular browsing request, an introduction point or a rendezvous point.

Armed with this information, the team was able to create a text messaging system that was more secure than Tor, as it didn’t fall into the same potholes. This system, named Vuvuzela, works by drowning out any visible traffic patterns that would allow third parties to identify trends, as they did with Tor. It works by ensuring all parties send out messages to a ‘dead-drop’ server roughly once a minute. These messages, however, could be duds, thus confusing anyone who tries to work out which are authentic and which aren’t.

To prevent anyone hacking the dead-drop server and finding out which messages are the real ones, the team used not one or even two servers, but three – offering a triple layer of encryption. It means that two servers can be hacked and the system would still be well protected.

Perhaps most interesting is that the system wouldn’t just keep messages secure but also make it impossible to find out whether a message had even been sent or received.

Whilst this is still some way off being rolled out on a commercial scale, and would have a number of legal implications to consider, the research points at an interesting and heavily-encrypted messaging service.

Commenting on the team’s creation, associate professor of computer science and engineering at MIT, Nickolai Zeldovich told “Tor operates under the assumption that there’s not a global adversary that’s paying attention to every single link in the world.

“Maybe these days this is not as good of an assumption. Tor also assumes that no single bad guy controls a large number of nodes in their system. We’re also now thinking, maybe there are people who can compromise half of your servers.”