A vulnerability was discovered in how to implement the standard RCS operators

Обнаружены уязвимости в способах реализации стандарта RCS операторами связи

The researchers from SRLabs working in the field of information security, reported that they were able to identify a number of vulnerabilities in the deployment of Rich Communication Services (RCS), which are used by operators in different countries. We will remind, the RCS represents a new standard of messaging which will replace SMS.

The report says that the discovered vulnerability can be used to track the location of a user device, intercept text messages and voice calls. One of the problems discovered in the implementation of the RCS unnamed operator, can be used by applications for remote download of the configuration file RCS on your smartphone, thus increasing the benefits of the program in the system and opening access to voice calls and text messages. In another case the problem concerned the six-digit verification code, which the operator sent to check the identity of the user. The code provided an unlimited amount of attempts that could be exploited by attackers for the selection of the correct combination.

The RCS represents a new standard of messaging and supports many of the features provided by the modern messengers. Although the researchers from SRLabs did not reveal any vulnerabilities in the standard, it was found significant weaknesses in how the operators use the technology in practice. According to some, the RCS implementation is currently carried out not less than 100 Telecom operators around the world, including in Europe and the United States.

Share