Researchers from SRLabs, working in the field of information security, reported that they were able to identify a number of vulnerabilities in the implementation of the Rich Communication Services (RCS) standard, which are used by telecom operators around the world. Recall that the RCS system is a new messaging standard that should replace SMS.
The report says that the discovered vulnerabilities can be used to track the location of the user's device, intercept text messages and voice calls. One of the problems found in the RCS implementation of an unnamed carrier can be used by applications to remotely download the RCS configuration file to your smartphone, thus elevating the program's privileges on the system and opening access to voice calls and text messages. In another case, the issue involved a six-digit verification code sent by the carrier to verify the user's identity. An unlimited number of attempts were provided for entering the code, which can be used by attackers to select the correct combination.
The RCS system is a new messaging standard and supports many of the features provided by modern messengers. And while researchers at SRLabs have not identified any vulnerabilities in the standard itself, many weaknesses have been found in how telecom operators use the technology in practice. According to some reports, the implementation of RCS is currently carried out by at least 100 telecom operators around the world, including in Europe and the United States.
Source: 3dnews.ru