RCS vulnerabilities can help a hacker take control of your bank account

Rich Communication Service, or RCS, is the next generation in wireless messaging. Unlike SMS/Text, which uses a wireless operator's cellular connection, RCS runs through a carrier's data network. This allows messages to be sent over Wi-Fi when possible. It will also raise the number of characters allowed per message to 8,000, up from the 160-character cap on text messages. In addition, RCS issues "read receipts" so that users know when their message has been read by the recipient. And when someone is typing a response to an RCS message, a three-dot indicator lets the user know that an incoming message is being composed. Group messages with up to 100 participants can take place, and larger files containing images and videos can be shared.
Hackers using vulnerabilities found in RCS can steal one-time passwords and make changes to users' online accounts
SRLabs found that through RCS, hackers can track users and verify whether they are online. By spoofing caller ID, the hackers can pretend to be someone else. The vulnerabilities in the platform can allow a bad actor to hijack a one-time password sent by SMS; this could allow an unauthorized bank transaction to be approved, or help transfer control of an account to a hacker. The report notes that "The underlying issue is that the RCS client, including the official Android messaging app, does not properly validate that the server identity matches the one provided by the network during the provisioning phase. This fact can be abused through DNS spoofing, enabling a hacker to be in the middle of the encrypted connection between mobile and RCS network core."
SRLabs says that the vulnerabilities can be corrected. Some of the suggestions include the use of "strong" one-time password codes, and employing information from a user's SIM card to authenticate the user. The RCS client being employed (for example, the Android Messages app) should connect only to trusted domains and validate certificates.
If RCS is going to live up to its potential, the vulnerabilities need to be patched. And that is especially true if the carriers plan on monetizing it. Consumers are going to want to use a messaging app that they can trust, and at this point it isn't clear that RCS can be fully trusted.
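The check the report describes as missing, sketched as an added example (not code from SRLabs, Google or any RCS client): the server identity is taken from the provisioning phase, restricted to an allowlist of operator domains, and compared with the DNS names in the server certificate. The domain names, function names and sample certificates are constructed assumptions.

```python
import ssl

# Assumption: operator domains this client may talk to (constructed value).
TRUSTED_SUFFIXES = ("rcs.operator.example",)

def is_trusted_domain(host, suffixes=TRUSTED_SUFFIXES):
    """True if host equals, or is a subdomain of, an allowlisted domain."""
    host = host.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)

def san_matches(pattern, host):
    """Match one certificate DNS name; '*' may only be the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def validate_server(provisioned_host, peer_cert, suffixes=TRUSTED_SUFFIXES):
    """Decide whether to proceed. provisioned_host comes from the provisioning
    phase; peer_cert is a dict shaped like ssl.SSLSocket.getpeercert()."""
    host = provisioned_host.rstrip(".")
    if not is_trusted_domain(host, suffixes):
        return False, "provisioned host is outside the trusted domains"
    sans = [v for k, v in peer_cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(san_matches(s, host) for s in sans):
        return False, "certificate does not name the provisioned host"
    return True, "ok"

def strict_tls_context():
    """Context that rejects unverified chains and mismatched hostnames."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

# Constructed sample certificates (only the field used here).
OPERATOR_CERT = {"subjectAltName": (("DNS", "*.rcs.operator.example"),)}
SPOOFED_CERT = {"subjectAltName": (("DNS", "mitm.attacker.example"),)}

if __name__ == "__main__":
    print(validate_server("msg.rcs.operator.example", OPERATOR_CERT))
    print(validate_server("msg.rcs.operator.example", SPOOFED_CERT))
    print(validate_server("msg.attacker.example", SPOOFED_CERT))
```

On a live connection, passing the provisioned name as `server_hostname` to `strict_tls_context().wrap_socket(...)` makes the standard library apply the same name check, whatever address DNS returned.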