Replacing the regular SMS with the RCS or Rich Communication Services is making users vulnerable to text-based attacks, call interception, location tracking, and more, according to new research.
RCS (Rich Communication Services) standard is a replacement for SMS that will include features such as read receipts, the ability to send media, etc.
While the new SMS standard is not inherently flawed, researchers at SLabs states that carrier networks are exposing users to a number of security threats as they are implementing RCS on a big scale.
Since there is not a unified standard, large telecom companies might employ it differently and make mistakes in the process, writes Vice.
What is RCS?
RCS is a protocol that will soon replace the standard SMS. While it came into existence in 2007, it barely got any recognition until 2018, when Google announced that it is working with major carriers to bring RCS protocol to Android devices.
The new standard will enable users to start group chats, send high-resolution images, audio — essentially all the features of popular chat services such as iMessage and WhatsApp.
What’s the issue?
For the research, the SLabs team took sample SIM cards of different carriers and looked for RCS-related domains. Further, the team tried to find security flaws in each.
The researchers discovered issues in how telecoms send the RCS configuration files to devices. For example, a server provides the exact configuration file by identifying the IP addresses.
Karsten Nohl from SLabs told that any app could request the file, with or without permissions, since they also use the IP address. “So now every app can get your username and password to all your text messages and all your voice calls.”
The researchers also found security lapses in the authentication process. For instance, a telecom sends a unique authentication code to verify the identification of the RCS user. Since the carrier gives an “unlimited number of tries,” bad actors can bypass the authentication with unlimited attempts.
Carrier networks response
When asked to comment, Vodafone assured users it would take security measures to protect the RCS services. Meanwhile, AT&T and Sprint directed the concerns to the GSM Association (a trade body for telecoms)
GSM told Vice that while they appreciate the efforts made by SLabs to the public the security issues; however, the research includes “no new, vulnerabilities” that the body wasn’t aware of.
The SLabs researchers will report their findings in the Black Hat December conference in Europe.