Ask practically any phone carrier, and they'll tell you that it's a Rich Communication Services call. Think of RCS as the successor to SMS, an answer to iMessage that can also handle phone and video calls. Last month, Google announced that it would start rolling RCS out in its Android Messages app. RCS is the default for a billion people or more.
At the Black Hat security conference in London today, German security consultancy SRLabs demonstrated a collection of problems in how RCS is implemented by both phone carriers and Google in modern Android phones. Those implementation flaws, the researchers say, could allow RCS communications to be intercepted, spoofed, or altered at will, in some cases by a hacker sitting on the same Wi-Fi network and using relatively simple tricks. SRLabs previously described those flaws at the DeepSec security conference in Vienna last week, but at Black Hat
SRLabs founder Karsten Nohl, a researcher with a long track record SS7, the decades-old phone system carriers still use for calling and texting, which has long been known to be vulnerable to interception and spoofing attacks. SMS uses it to replace the SMS system.
"You RCS," says Nohl. "SS7 is a protocol from the 80s with support from Google."
The RCS rollout still has a ways to go, and will continue to be patched with Google's backing. Some Android manufacturers use proprietary messaging apps as the default rather than the stock Messages app, and most carriers push their own versions as well. The iPhone does not support it at all, and Apple has given no indication that it wants to. But as RCS rolls out more broadly, its security issues merit attention, especially since it's those implementations that create problems in the first place.
The SRLabs videos demonstrate a grab bag of different techniques to exploit RCS problems, all of which are caused by either Google's or one of the phone carriers' flawed implementations. The video above, for instance, shows that it has an RCS server with its unique credentials, the server uses the phone's IP address and phone number. That means an attacker who knows the victim's phone number and who is on the same Wi-Fi network, anyone from a coworker in the same corporate office to someone at the Starbucks, can .