New tech, new problems.
A lot of text messaging services utilize SMS, or “short messaging services,” to send and receive messages. As far as simple text is concerned, SMS works fine, which is why most carriers use it. However, for things like images, videos, or animated GIFs and stickers, SMS can’t really handle it. This is why some carriers have begun switching to “rich communication services,” or RCS, instead. RCS can do pretty much all that stuff I just mentioned without any notable increase in data or decrease in speed. However, since RCS is a relatively new thing, there are, of course, some potential bugs that could rear their ugly heads.
According to security research firm SRLabs, commercial RCS messaging has a number of vulnerabilities that could be exploited by unsavory parties. For example, a malicious app could download your RCS config file, which would give it easy access to your username and password, which in turn would leave your call and text data right out in the open. Identity verification codes sent by carriers to users could also be intercepted, or even brute-force guessed by third-parties, which could lead to identity theft.
To be clear, these issues aren’t inherent with RCS messaging itself. Rather, the problem is how carriers are planning on rolling it out. SRLabs found these vulnerabilities in RCS builds that would be utilized by several major carriers in the US, as well as over a hundred around the world.
SRLabs will be presenting their findings on this matter at the Black Hat Europe conference in December. Hopefully, carriers will take this matter seriously before they consider mass-deployment.