As one of the most popular messaging services on the market, Apple’s iMessage is an industry benchmark. If you’ve already purchased an iPhone, iPad, or Mac, it’s easy to use with each other. At the same time, Google hopes to join forces with operators to attract more users through the Rich Communications Service (RCS), which clearly relies on Android’s huge market share. Unfortunately, over the years, security is still a short board for Google RCS.
(From: Google, via BGR)
Not only does RCS not have end-to-end encryption like iMessage, but it has proven to be a huge concern for user privacy and data security, as security researchers have spent.
The first problem with RCS, sRLabs researchers explained to Motherboard, is the lack of uniformity in security measures. User data is at risk of being compromised because RCS can be used in some markets to display text messages and call content, or to locate users.
However, this problem does not stem from the RCS standard itself, but from the way mobile operators implement it. RCS is designed to provide a rich sMS experience comparable to iMessage and become the default messaging app on Android smartphones.
Apple has yet to announce its support for RCS, so only Google is pushing it unilaterally. “Everyone seems to be making mistakes in different ways, which is a step backwards for many networks,” says security researcher Karsten Nohl.
Obviously, some carriers identify users through IP addresses, which is how they provide profiles. But Nohl explains, “Any application you install on your phone can request a call to the file even if you don’t grant any permissions.”
As a result, each app can get the username/password of a voice caller known as a text message, which is a pretty unexpected bug.
In addition, operators authenticate RCS users by sending six-digit verification code text messages, without limiting the number of attempts, resulting in violence by attackers to crack security codes.
With a million attempts completed in five minutes, an attacker can also successfully touch an RCS profile in the same short period of time. Fortunately, GSMA and operators are aware of these issues and may be taking remedial action.
It is important to note that while SRLabs does not disclose details, some of these vulnerabilities can still be exploited by malicious actors, after all, as up to 100 mobile operators have RCS enabled. Interested friends can keep an eye out for the European Black Hat Conference in December.