The Future of Texting is Far Too Easy to Hack
upstart writes in with a submission, via IRC, for chromas.
The Future of Texting Is Far Too Easy to Hack
Ask practically any phone carrier, and they'll tell you that the future of smartphone features from texting to video calls is a protocol called Rich Communication Services. Think of RCS as the successor to SMS, an answer to iMessage that can also handle phone and video calls. Last month, Google announced that it would begin rolling RCS out to its Messages app in all US Android phones. It's easy to imagine a near-future where RCS is the default for a billion people or more. But when security researchers looked under the hood, they found the way carriers and Google have implemented the protocol creates a slew of worrying vulnerabilities.
At the Black Hat security conference in London today, German security consultancy SRLabs demonstrated a collection of problems in how RCS is implemented by both phone carriers and Google in modern Android phones. Those implementation flaws, the researchers say, could allow texts and calls to be intercepted, spoofed, or altered at will, in some cases by a hacker merely sitting on the same Wi-Fi network and using relatively simple tricks. SRLabs previously described those flaws at the DeepSec security conference in Vienna last week, but at Black Hat also showed how those RCS hijacking attacks would work in videos like the one below:[*]
SRLabs founder Karsten Nohl, a researcher with a long track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7, the decades-old phone system carriers still used for calling and texting, which has long been known to be vulnerable to interception and spoofing attacks. While using end-to-end encrypted internet-based tools like iMessage and WhatsApp obviates many of those of SS7 issues, Nohl says that flawed implementations of RCS make it not much safer than the SMS system it hopes to replace.
"You're going to be more vulnerable to hackers because your network decided to activate RCS," says Nohl. "RCS gives us the capability to read your text messages and listen to your calls. That's a capability that we had with SS7, but SS7 is a protocol from the '80s. Now some of these issues are being reintroduced in a modern protocol, and with support from Google."
[*] YouTube Link.
Read more of this story at SoylentNews.