Security researchers at SRLabs are sounding the alarm that telecos are implementing the Rich Communication Services (RCS) standard in ways which allow phone networks to be attacked.
Joseph Cox, writing for Vice’s Motherboard »
SRLabs estimated RCS is already implemented by at least 100 mobile operators, with many of the deployments being in Europe. SRLabs said that all the major U.S. carriers—AT&T, T-Mobile, Sprint, and Verizon—were using RCS.
SRLabs didn’t find an issue in the RCS standard itself, but rather how it is being implemented by different telecos. Because some of the standard is undefined, there’s a good chance companies may deploy it in their own way and make mistakes.
“Everybody seems to get it wrong right now, but in different ways,” Nohl said. SRLabs took a sample of SIM cards from a variety of carriers and checked for RCS-related domains, and then looked into particular security issues with each. SRLabs didn’t say which issues impacted which particular telecos.
Read the whole article at Motherboard »
More » SRLabs, The Verge
Paul Thurrott »
Google is done waiting for U.S. carriers to roll out Rich Communication Service (RCS) text messaging in its Android Messaging app.
RCS is an open messaging standard designed to put non-iPhone handsets on equal footing with Apple’s offering. It lets you chat over Wi-Fi or mobile data, send and receive higher-resolution photos and videos than is possible with MMS, and see whether recipients received your sent messages. It also enables more functionality for group chats.
The RCS issue came to a head in the wake of the launch of the Pixel 4, which is the first Google handset to be offered by all four major U.S. carriers. But none of the carriers enabled RCS messaging on their networks, preferring instead for customers to use their own messaging services.
So Google is now doing what it does elsewhere in the world: It is simply bypassing the carriers and offering RCS messaging via its own servers.
Read the rest of the article on Thurrott.com »
More » Android Central, ZDNet, Ars Technica