As messaging apps like WhatsApp, Signal and Telegram have started to steal the revenues of telecom operating from SMS texting; Android has introduced an answer to it with its Rich Communication Service (RCS) which is in lines to Apple’s hybrid iMessage platform.
As this messaging service is enabled by default on billions of android devices, it can shake up the Over-the-Top service providers to the core. However, security experts from Germany based SRLabs say that RCS can expose its users to hackers as it lacks end-to-end encryption. Also the GSMA- the mobile industry’s trade association seems to be against the introduction of RCS as it can affect the revenues of the telecom operators to a certain extent.
Keeping aside the perspective of GSMA, researchers from Cybersecurity firm SRLabs claim that the RCS client of android messaging service lacks sufficient domain and certification validation and so it allows hackers to infiltrate and manipulate communication streams through a DNS spoofing attack or a caller ID spoofing which was also a challenge to OTT platforms till 2017.
Therefore, we can come to the conclusion that the new RCS SMS technologies are prone to a man-in-the-middle attack
Although there is a way to counter these problems by addressing RCS deployments with risk mitigation in mind, it’s not that easy when it comes to implementation and configuration say, experts.