"Bad RCS Implementations Are Creating Big Vulnerabilities"
There are multiple vulnerabilities associated with how the new messaging standard aimed at replacing SMS (Short Message Service) is being implemented by carriers. In some instances, carriers' implementation of the communication protocol, RCS (Rich Communication Services), creates major vulnerabilities that could be exploited by attackers to track a user's location, intercept messages, spoof phone numbers, and more. In one case, a carrier's implementation of RCS allowed an app to download a user's RCS configuration file, which enabled the app to have access to voice calls and text messages. In another case, researchers discovered that the six-digit code used by a carrier for user identity verification could be guessed through the execution of a third-party brute-force attack. This article continues to discuss the aim of RCS, the vulnerabilities being created by the way carriers are implementing RCS and GSMA's response to the RCS implementation issues discovered by researchers.
The Verge reports "Bad RCS Implementations Are Creating Big Vulnerabilities"