German security company SRLabs has recently discovered a serious security breach that could replace SMS. According to their findings, the RCS protocol has a vulnerability that allows your data to be intercepted.
Hackers could exploit this vulnerability locally or remotely. Among the information they can intercept, we have unique codes that are sent by message in two-factor authentication systems.
One of the applications of these unique codes is in the authorization of bank transactions. This means that in extreme cases your bank details could be compromised due to this vulnerability.
Android messaging should improve your domain verification system
As SRLabs points out, the most popular application supporting RCS technology is currently Android Messaging. According to its findings, this application does not properly verify domains.
This means that miscreants can spoof caller ID or DNS. Something that could mislead users and provide information they shouldn’t.
Coincidentally or not, Google revealed this week that it will accredit message senders in your app. The idea is for companies to register their contact numbers with Google so that they can validate them when communicating with users. A measure that will certainly reduce the impact of this vulnerability.
What is RCS and its differences from SMS
The acronym RCS stands for Rich Communication Service. Briefly, this protocol allows messages to be sent over the internet. The SMS protocol uses cellular networks to send messages.