Ask practically any phone carrier, and they'll tell you that the future of smartphone features from texting to video calls is a protocol called Rich Communication Services. Think of RCS as the successor to SMS, an answer to iMessage that can also handle phone and video calls. Last month, Google announced it would begin rolling RCS out to its Messages app in all US Android phones. It's easy to imagine a near-future where RCS is the default for a billion people or more. But when security researchers looked under the hood, they found the way carriers and Google have implemented the protocol creates a basket of worrisome vulnerabilities.
At the Black Hat security conference in London on Tuesday, German security consultancy SRLabs demonstrated a collection of problems in how RCS is implemented by both phone carriers and Google in modern Android phones. Those implementation flaws, the researchers say, could allow texts and calls to be intercepted, spoofed, or altered at will, in some cases by a hacker merely sitting on the same Wi-Fi network and using relatively simple tricks. SRLabs previously described those flaws at the DeepSec security conference in Vienna last week, and at Black Hat also showed how those RCS hijacking attacks would work in videos like the one below:
[embedded content]
SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than ..
Support the originator by clicking the read the rest link below.
