Operators are incorrectly implementing SMS replacement. It is dangerous for the privacy of users.

[Tomcat]

The new inline messaging standard is gradually being introduced in the United States and Europe, but operators do it at random, which sometimes poses privacy risks to users.

Security Research Labs, which deals with cybersecurity, reported on the security threat in the implementation of RCS (Rich Communication Services), and TJ drew attention to the publication.

SRLabs researchers reported that sometimes operators incorrectly send the RCS configuration to the smartphone, which is why any application on the device will be able to request a username and password and read / listen to all messages / calls in the messenger. The researchers also found cases when, to authorize in the RCS messenger, the operator sends the user a six-digit code that can be entered an unlimited number of times. According to SRLabs' Carsten Noll, you can try to enter this code 1 million times in 5 minutes, which increases the likelihood of a hack.

SRLabs will present a detailed report on vulnerabilities in the implementation of RCS in December 2020. The RCS standard has already been implemented by 100 operators around the world, including the largest companies - Verizon, Vodafone, AT&T, T-Mobile. The standard was also supported by Russian operators of the Big Four.

How does RCS differ from SMS and messengers?
RCS is a new messaging standard, first introduced in 2012, and will be implemented as a built-in messenger on Android devices. RCS will allow you to do everything that can be done in instant messengers, but not in SMS - send files, create group chats, make video and audio calls. For the RCS messenger to work properly with audio and video calls, you need the Internet, you can send text messages without it. To use the RCS messenger, you need a username and password. The main advantage of the built-in messenger may be its versatility - Android users will be able to communicate through it without switching between different messengers, as is the case now.

Is it promising?
Due to the fact that RCS will be implemented by cellular operators that are almost powerless against governments, it will most likely lack end-to-end encryption. The popularity of the technology is questioned by the fact that it is not supported by Apple, which is not going to abandon its similar service iMessage. The main beneficiaries of the introduction of RCS, in a successful scenario, will be Google and mobile operators, which will attract part of the audience of familiar messengers to their service. The outlook for RCS is pretty dim today.