The move by leading mobile carriers to replace SMS with the RCS messaging standard may have hit a brick wall, as it is making mobile users vulnerable to call interception, text-based attacks, location tracking, and other security threats, according to security researchers.
While the RCS standard was officially adopted by the GSMA in 2008, with a Steering Committee established, the GSMA later entered into a partnership with Google and 15 other global carriers to push the adoption of Rich Communication Services (RCS). Now, the leading mobile carriers are working with interest groups and other connected mobile companies to deploy the new messaging standard in the text messaging app for Android phones.
Though the RCS standard isn't inherently flawed, the fact that network carriers are implementing RCS on a big scale exposes mobile users to several security threats.
According to researchers at SRLabs, there are flaws in how the telecoms forward the RCS configuration files to Android devices. The flaws stem from the configuration file being retrieved by identifying the IP address; as such, any app is capable of requesting the file, with or without permission, using the IP address.
In other words, such apps can easily get the username and password for all your messages and voice calls.
Besides this, there are security lapses in the authentication process. The telecom simply sends a unique authentication code to verify the identity of the user, but since the carrier allows an “unlimited number of tries”, hackers can bypass the authentication by making repeated attempts.
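The effect of an attempt limit on such a code can be shown with a short sketch. This is an added example, not code from the researchers or any carrier: the `CodeVerifier` class, the six-digit code length, the five-attempt cap and the 300-second lifetime are all assumptions made for illustration.

```python
import hmac
import secrets
import time


class CodeVerifier:
    """Hypothetical carrier-side check of a one-time verification code."""

    def __init__(self, max_attempts=5, ttl=300, clock=time.monotonic):
        # max_attempts=None reproduces the "unlimited number of tries" behaviour.
        self.max_attempts, self.ttl, self.clock = max_attempts, ttl, clock
        self._pending = {}  # subscriber -> [code, issued_at, failed_attempts]

    def issue(self, subscriber):
        code = f"{secrets.randbelow(10**6):06d}"  # six digits: an assumption
        self._pending[subscriber] = [code, self.clock(), 0]
        return code

    def verify(self, subscriber, guess):
        entry = self._pending.get(subscriber)
        if entry is None:
            return "no_code"
        code, issued_at, _ = entry
        if self.clock() - issued_at > self.ttl:
            del self._pending[subscriber]
            return "expired"
        if hmac.compare_digest(code.encode(), guess.encode()):
            del self._pending[subscriber]  # single use
            return "ok"
        entry[2] += 1
        if self.max_attempts is not None and entry[2] >= self.max_attempts:
            del self._pending[subscriber]  # burn the code; a new one must be issued
            return "locked"
        return "wrong"


def guesses_until_accepted(verifier, subscriber):
    """Count sequential guesses made before a code is accepted; None if refused."""
    for n in range(10**6):
        result = verifier.verify(subscriber, f"{n:06d}")
        if result == "ok":
            return n + 1
        if result != "wrong":
            return None
    return None
```

Without a cap, the sequential search always ends in acceptance within the size of the code space; with the cap, the code is invalidated after the fifth wrong guess and even the correct value is then refused.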
Also, RCS-based messages are not end-to-end encrypted, and of course Apple, one of the leading mobile players, has shown no interest in RCS, as iMessage already offers more than the technology has promised. Therefore, how to get the standard to be compatible with the iPhone remains an issue.
These points may have hindered the general adoption of the standard, coupled with mobile carriers' and phone makers' complicated policies, and the fact that service providers are offering to implement non-universal specifications for the RCS standard, which limits RCS-based messages to subscribers of their own networks.