With the rise of instant messaging applications such as WhatsApp, Signal, and Telegram. A large number of similar applications have begun to steal telecommunications business revenue from SMS services. Recently, Android has launched a solution, namely its Converged Communications Service (RCS). It is understood that the service is consistent with Apple’s hybrid iMessage platform.
Since the service will be enabled by default on billions of android devices, the relevant top service providers will become crucial and the benefits it will bring are also considerable. But researchers at German cybersecurity company SRLabs said that RCS lacks end-to-end encryption and therefore exposes its users to hackers. In addition, the Mobile Industry Association GSMA is also opposed to the introduction of RCS because it may affect the telecommunications operator’s revenue to some extent.
Researchers at SRLabs also stated that the RCS client of the Android messaging service lacks sufficient domain and certificate verification, so it can allow hackers to penetrate and manipulate communication flows through DNS spoofing attacks or caller ID spoofing.
In summary, it is certain that the new RCS SMS technology is vulnerable to man-in-the-middle attacks. Experts say that although RCS deployment can be solved by considering risk mitigation, it is not so easy to implement and configure.