As technology evolves, so too does communication. Google, along with many other firms around the world, have begun using Rich Communication Services (RCS). However, RCS and cyber security have quickly become a hot topic -and, for good reason. So, how do RCS and Cyber Security go together? Many technology leaders do not think that RCS is mature enough to replace popular messaging and communication platforms, and researchers have found some dangerous vulnerabilities in RCS technologies that pose major security risks to users. Fortunately, these risks can be reduced if users are implementing good security practices and protocols.
Understanding RCS and RCS Vulnerabilities
Unfortunately, not everyone is good with security practices and protocols, making RCS and Cyber Security a significant concern for companies around the world. To better understand these risks, it is vital to learn what Rich Communication Services actually are.
RCS is a protocol that aims to replace communication forms like SMS. It does this by enabling several services, such as group chats, video, and file transfers, without the need for additional apps or services. It was taken over by the GSM association in 2008, and has been launched by a number of operators – and is commonly associated with Android devices.
Streamlining communication services onto a single device seems like a good idea – and it is – but according to security experts, the RCS protocols allow hackers to perform several cyberattacks, including ones that let them completely take over devices. Some key takeaways are:
- Android devices are more vulnerable because of Android messaging – a popular RCS client.
- Android messaging is vulnerable because Android devices may not validate domains and certificates as thoroughly as competitors.
- Risks include caller ID spoofing, the interception of data, location tracking, and other malicious activities.
- Brute force codes can be used to validate RCS users, enabling account takeovers.
SRLabs suggests that “The underlying issue is that the RCS client, including the official Android messaging app, does not properly validate that the server identity matches the one provided by the network during the provisioning phase.”
Many business leaders see these kinds of risks and begin to worry. If a single employee falls victim to an RCS attack, the data on their device could be significantly compromised. With company insights, emails, and more stored on these devices – it could lead to a disastrous security breach.
- Ensuring that user Identity and authentication are enforced on devices and across apps and services.
- Client identities are validated, and client information is a priority for security.
- Enforcing a chain of trust and only allowing for connections to trusted domains and certificates.
- Filtering content and prioritising information security.
Companies can also apply rate limiting and authenticate users with SIM and secure elements. Strong OTP verification codes and single-sign-on can also be enforced to reduce risk.
If you have any questions about RCS security, and how to ensure that your company is reducing their risk leading into 2020, contact MOQdigital today.