RCS - Rich Communication Services Cellular Communication Protocol

RCS (Rich Communication Services) is a protocol for communication between cellular operators, as well as between operators and devices, developed by the GSM association in 2008.

Unlike the obsolete SMS - it was first tested back in 1992 - RCS allows not only to exchange individual messages, but also to chat on two or more users, exchange files and content, make audio and video calls, exchange geolocation data, send audio messages, keep a black list.

The disadvantages of RCS include the lack of end-to-end encryption of transmitted messages (it is, for example, in Apple iMessage), as a result of which the owner of RCS servers can access user correspondence.

SMS (Short Message Service)

Main article: Short Message Service - SMS

History

2021: Verizon together with Google implements RSC message standard

On July 21, 2021, it became known that, Verizon a major American mobile operator, communications announced cooperation with on the Google introduction of the Rich Communications Service (RCS) message standard for its customers - users in OS Android. USA More here

2019

"Killer" SMS was through "hole"

The RCS protocol, which should replace, SMS is implemented on - Androidsmartphones in an unsafe way. This was reported London in at the Black Hat conference by security researchers from SRLabs, writes in December 2019, " Wired^[1]

Google is implementing the protocol - the company announced its launch in November 2019 - and some telecom operators. At the same time, they make mistakes, thanks to which attackers will be able to intercept text messages and calls made via RCS, as well as change their content. To do this, the hacker just needs to connect to the same Wi-Fi that the victim uses and use several simple tricks.

According to SRLabs founder Karsten Nohl, a vulnerability specialist in telephone systems, RCS is no more secure than the SS7 protocol, which was developed back in the 70s and is still used by operators to transmit calls and messages. Recall that this protocol has long been known for its vulnerability to data interception, so services like iMessage and WhatsApp are forced to eliminate this problem using end-to-end encryption.

Nol claims that Google has moved all SS7 problems to RCS. Therefore, the current implementation of RCS makes it not much safer than the SMS system, which the protocol should replace. At the conference, researchers from SRLabs gave examples of several vulnerabilities that appeared during the implementation of RCS by telecom operators and Google.

What attacks are possible

One of the vulnerabilities is the following. The phone provides its credentials for authentication on the carrier's RCS server, and subsequently the server uses its IP address and phone number as identifiers. Thanks to this, an attacker who knows the user's phone number and is connected to the same Wi-Fi can impersonate this user using these identifiers. A colleague who uses the same office Wi-Fi, or just a person sitting at a nearby table in a cafe, can act as a hacker here.

In addition, the researchers showed that current RCS implementations are vulnerable to human-in-the-middle attacks. If a hacker controls a malicious Wi-Fi network or ISP network, he can change the domain name of the system request that the phone uses to search for the RCS server transmitting data from sender to recipient.

The Android application, designed to exchange messages over RCS, of course, checks TLS certificates received from servers, but in fact it is satisfied with any valid certificate. That is, this is a rather meaningless check - as if the guard checked the visitor's face with a photo on his documents, instead of checking whether his name is on the list, explained Nol.

Another vulnerability is the acquisition of initial RCS device settings. When the phone first registers with the RCS, it downloads the configuration file with the credentials. But to download this file, it is enough for the device to identify itself using the IP address that the operator will associate with this phone number. As a result, any malware that works on the phone can log in from this IP address, steal credentials and begin to impersonate this user.

Telecom operators are trying to protect themselves from this by sending a one-time password to the phone. But SRLabs found that some operators did not limit the number of attempts to guess this password. It'll take the hacker about five minutes to pick him up. After that, he can steal the configuration file and begin to intercept all user messages and calls made by RCS.

GSM Association, which is developing RCS, reported that it has already solved some of these problems, but did not specify which ones. The association insists that these are problems only of implementation, and not of the protocol itself. Nol replies that, in so many cases, implementation problems are already becoming problems of the standard itself, especially given that its implementation to date has reached about a billion users.

Google begins phased implementation of RCS

On November 15, 2019, it became known that the corporation Google began a phased implementation of a messaging standard called RCS, which is intended to replace. SMS RCS support is implemented in at the operating system Android level of built-in " applications Messages" (Android Messages). Since November 14, 2019, the technology is available to Android users USA for free. More. here

It is noteworthy that Google Microsoft they provided full support for RCS in earlier versions OS Android and in the OS of the family (Windows starting with the version). Windows 8 Devices for Apple November 2019 do not support the standard.

The four largest US mobile operators decided to abandon SMS

The four largest US mobile operators - AT&T, Verizon, T-Mobile, and Sprint - made a statement in October 2019 that they intend to replace SMS with a messaging standard called RCS. To this end, the operators are going to create a joint venture called Cross-Carrier Messaging Initiative (CCMI). The^[2].

By next year, the joint venture should release a messaging application for Android, which will use RCS. The Verge resource suggests that this default application will be used to exchange messages on all Android smartphones that are sold in the stores of these operators.

The application will implement all RCS capabilities. In particular, a special indicator will show the user that his interlocutor is typing a message. It will also be possible to conduct full-fledged group chats and attach high-quality attachments to messages.

2018

Samsung and Google promote the RCS standard

On September 12, 2018, it became known that Samsung and Google entered into a partnership with the aim of jointly promoting the RCS messaging standard, which should replace SMS. Support for the standard will be added to Samsung smartphones starting with the Galaxy S8 and S8 +. At the same time prilozheniyaandroid Messages and Samsung Messages will become compatible with each other.

Thanks to this, users will be able to transfer messages through Wi-Fi, conduct group chats, see information about a message like "prints" and "read," exchange photos and video files in high quality, etc. Support for RCS solutions of both companies will be added to various platforms, including cloud and intended for business.

Google and Samsung have already created joint RCS solutions for some Samsung smartphones. We are talking about devices such as S8, S8 +, S8 Active, S9, S9 +, Note 8 , Note 9 and some models of the A and J series running Android 9.0 or higher.

Depending on the specific market or operator, RCS support may not be available. The latest models of the Galaxy line already support RCS if supported by the carrier.

Developers who create RCS messaging tools based on the GSMA Universal Profile 2.0 release using Messaging-as-a-Platform (MaaP) Google or Samsung services will be able to offer other business messaging standards to Android Messages and Samsung Messages users.

Google and Microsoft provided RCS support in Android and Windows 8.

Unlike SMS, this protocol allows not only to exchange individual messages, but also to chat on two or more users, exchange files and content, use IP calls and video calls, exchange location data, send audio messages, keep a blacklist on the network, etc. ^[3].

Google will equip Android Messages with RCS messaging technology

As it became known on April 23, 2018, the corporation Google is working on the creation of Chat technology, which should replace the short message service () SMS on devices under control. operating system Android The corporation suspended development messenger Allo and sent all available resources for refinement - for Android Messages applications messaging according to the RCS (Rich Communication Services) standard. It is assumed that Chat functionality will be integrated into Messages, and mobile operators will provide the service to the end user.

As of April 2018, Google managed to enlist the support of 55 operators, including all representatives of the Big Russian Four - MTS, Bilain, Megafon and Tele2.

2016: Adoption of Unified RCS Universal Profile 1.0 Protocol Standard

A single protocol standard - RCS Universal Profile 1.0 - was adopted only in 2016 due to the large number of association members GSM and many disagreements between them. The standard is also known as Advanced Messaging, Advanced Communications, joyn, Message + and SMS+.

In 2016, with the advent of the first version of the Universal Profile 1.0 universal RCS profile, 47 operators and 11 manufacturers of equipment joined the initiative, including Samsung, Huawei, Lenovo, LG, HTC, Asus, Alcatel, etc.

2015: All IP Interconnect Russia Group for IMS, VoLTE and RCS Implementation

In November 2015, Russian operators, in cooperation with the GSM association, formed the All IP Interconnect Russia working group, whose task was to introduce IMS, VoLTE and RCS technologies.^[4]

Notes