Monday, 26 April 2010

Secure Mobile Messaging #1

SMS is not a completely secure technology, and using it to communicate sensitive messages could have severe consequences if a message were intercepted. The technology is adequately secure for a number of purposes such as chat between friends or colleagues, news alerts and entertainment or informational content. For these purposes the use of SMS is appropriate.


In reality SMS is put to many uses, and because it is so convenient it is often used for purposes for which it is inappropriate.


The vertical sectors that can benefit the most from secure mobile messaging, and for which disclosure of a message can potentially be catastrophic, are financial, law enforcement, government and aviation. Although these sectors typically benefit the most, secure mobile messaging also has a strong place across most organisations.


Why is SMS not secure? There are a number of stages at which an SMS message can be intercepted. GSM addresses some of these stages, but none sufficiently to deliver complete security. For a message sent between two mobile users belonging to two different mobile networks, the stages are: (1) air interface, (2) transmission links and switches, (3) SMSC platform, (4) transmission links and switches (origin network), (5) transmission links and switches (destination network) and (6) air interface. The air interfaces in stages (1) and (6) are typically secured using A5/1 or A5/3 encryption, the latter being less common but increasing in usage. However, it is possible to intercept SMS to or from a specific handset if you are using the same cell as the target handset. Once the message has left the air interface, it is passed unencrypted through the infrastructure forming the rest of an operator's network and through infrastructure belonging to other parties. It is while traversing this infrastructure that a message is at its most vulnerable, and where a sensitive message has the potential to be disclosed.
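To make "unencrypted" concrete, the following added example (not part of the original post) packs and unpacks text with the GSM 7-bit default alphabet of 3GPP TS 23.038, the usual text encoding of an SMS payload. The function names and the sample message are constructed for illustration; the point is that no key appears at any step, so the packed bytes are an encoding, not a protection.

```python
# Added example: GSM 7-bit default alphabet packing (3GPP TS 23.038).
# Names and sample message are constructed; they are not from the original post.
GSM7 = ("@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
        "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà")
# Extension table, reached through the escape septet 0x1B.
GSM7_EXT = {0x0A: "\f", 0x14: "^", 0x28: "{", 0x29: "}", 0x2F: "\\",
            0x3C: "[", 0x3D: "~", 0x3E: "]", 0x40: "|", 0x65: "€"}

def pack_septets(septets):
    """Pack 7-bit values into octets, least significant bits first."""
    acc = bits = 0
    out = bytearray()
    for s in septets:
        acc |= (s & 0x7F) << bits
        bits += 7
        while bits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            bits -= 8
    if bits:
        out.append(acc & 0xFF)  # final partial octet, zero padded
    return bytes(out)

def unpack_septets(data, count):
    """Recover `count` septets; the count resolves trailing-padding ambiguity."""
    acc = bits = 0
    septets = []
    for byte in data:
        acc |= byte << bits
        bits += 8
        while bits >= 7 and len(septets) < count:
            septets.append(acc & 0x7F)
            acc >>= 7
            bits -= 7
    return septets

def encode_user_data(text):
    """Basic-table characters only; returns (septet_count, packed_bytes)."""
    septets = [GSM7.index(ch) for ch in text]
    return len(septets), pack_septets(septets)

def decode_user_data(data, count):
    """Turn packed user data back into text. No key is needed."""
    out, escape = [], False
    for s in unpack_septets(data, count):
        if escape:
            out.append(GSM7_EXT.get(s, " "))
            escape = False
        elif s == 0x1B:
            escape = True
        else:
            out.append(GSM7[s])
    return "".join(out)

if __name__ == "__main__":
    count, wire = encode_user_data("Your one-time code is 493021")  # constructed
    print(wire.hex().upper(), "->", decode_user_data(wire, count))
```

Any system that handles the payload in this form, whether a switch, an SMSC or a link monitor, holds everything required to display the text.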


All it takes is an employee of a mobile operator with access to the relevant equipment or links to "open up" your message and read it. There have been cases in the past where mobile network engineers have snooped on SMS messages without authorisation. Such casual snooping can be easily hidden as being related to a legitimate task so as to not arouse suspicion. SMS messages have even been illegally snooped on by government officials.