Vulnerabilities in Rich Communication Service (RCS)

Security researchers from Berlin have found vulnerabilities in the SMS successor Rich Communication Service (RCS). The good news is that this mobile messaging service is not widely used yet. The bad news is that all messages, video and voice sent via RCS can be intercepted or manipulated.


Rich Communication Service (RCS)

Rich Communication Service (RCS) is a standard for a mobile messaging service provided by mobile operators. The technology enables, among other things, short messages, chat, group chat, video telephony and the transmission of location information, voice and files. RCS is considered the successor to SMS, but it can also carry video and voice, and it is sponsored by Google. However, RCS is not yet very widespread; mobile phone companies have been implementing it on a trial basis for 10 years.

The RCS Vulnerabilities

There are vulnerabilities in RCS that could potentially expose millions of smartphone users worldwide to attack. The vulnerabilities were discovered by Luca Melette and Sina Yazdanmehr of the Berlin-based IT security company SR Labs. As German magazine Süddeutsche Zeitung and Vice report, the weak points make it possible to read messages sent via RCS, listen to telephone calls or even determine the user's location. Reportedly, it is even possible to send messages in the name of a victim.


The vulnerabilities can be exploited on specific, modern smartphones. According to the reports, German networks are well protected with passwords against the reading of messages. However, it is reportedly also possible to track a rough location without a password. Furthermore, according to the reports, at least one of the approximately 80 mobile phone providers worldwide that offer RCS uses passwords that are too short.

Simple infection of victims

The attacks mainly work via Wi-Fi (WLAN), where an attacker sets up a fake hotspot. If victims try to join a public wireless network and connect to the attacker's hotspot instead, it is already too late. When the victim visits a website, the attackers redirect the request to their own website. The victim sees the website they intended to visit, but the device is infected with malware that the attackers deliver via the fake site.


The attackers can then use the malware to access the configuration file of the RCS network, redirect the victim's communication to their own computer and thus also monitor it. This defeats any protection of access or transactions that relies on RCS. A password-reset message for an online account or a TAN for a bank transaction sent via RCS message is therefore insecure. The attackers can not only read these messages but also determine whether the victim is able to see the RCS messages at all. Fixing these vulnerabilities can take months. Details on this topic can be found in the linked articles.

