
The successor of SMS has already been hacked - kerm1t
https://www.vice.com/en_us/article/j5ywxb/rcs-rich-communications-services-text-call-interception
======
notlukesky
When did carriers ever get anything tech based right? In fact to expect them
is wrong as their business model is very different to a tech company. They are
beneficiaries of law-bound limited duopolies or oligopolies. In most countries
the only audience they care for are the regulators, and not consumers or their
security and safety. Regulatory capture is a wonderful thing for these
companies and not for consumers.

~~~
gimmedanger
... he said, while his comment posted correctly, in the moment he wanted,
because the tech behind the posting ability was Right.

~~~
allovernow
Statistically most likely from a ≈25-100mb US connection while developed
countries the world over have had gigabit for a decade...

Our internet is quite a bit behind because telcos in this country don't have
to meaningfully compete. Plenty of legislation has cemented their market
dominance through artificial (and unnecessary) barriers to entry with
practically no accountability for shoddy service and infrastructure. Remember
when Verizon received billions in subsidies to bring fiber to NY in the late
00s and ran off with the money with no penalty?

[https://www.wired.com/story/new-york-city-verizon-
internet/](https://www.wired.com/story/new-york-city-verizon-internet/)

~~~
tialaramex
Gigabit is not important, remember when you could finally buy a 10MW
electrical feed for your home and how much it improved your quality of life...
Right that didn't happen because it is not important at all. Running 100W to
homes means people can have electric light, 1kW means they can have motorised
appliances, and 10kW makes cooking and heating practical... But 10MW? You had
no need for it, so it didn't happen.

Likewise more bandwidth enabled applications only up to a point, 40Mbps DSL is
perfectly good for watching TV and so on. I had Gigabit on someone else's dime
back at the turn of the century and when I bought service for my current home
I not only didn't enquire what it would cost to run Gigabit here, I didn't
even choose the expensive 80Mbps option, I already know 40Mbps is fine. What
mattered most even going from dial-up to 1Mbps DSL wasn't bandwidth, it was
Always On. The Network's omnipresence is what matters.

Fibre matters to some extent for infrastructure, same way it matters what a
bridge is built from. Fibre coms doesn't attract thieves, not subject to RF
interference, lots of benefits for infrastructure projects, but Gigabit
Internet for the home? Not important.

~~~
npo9
Receiving two 4K streams is ~50mbps. This is a pretty common modern use case
for home internet.

At 1000mbps downloading any file takes roughly the same time, regardless of
size. Offsite storage becomes practical for multimedia files.

Not every home benefits from 1000mbps, but it’s very possible to be a home
that does. I don’t have a lot of data stored on disks in my home, because I
know I can always download it quickly, even if the filesize is 100gb.

~~~
mantap
Also most people in the west don't worry about overloading their home's
electrical supply by connecting too many devices. That _is_ equivalent to a
gigabit connection.

A 100Mbit connection would be equivent to maybe a 4kW home supply in a
temperate climate - probably enough for the average user but only just you'd
still have to watch your usage.

Additionally the real benefit to FTTH is not bandwidth but ping which _is_
noticeable. And no sane operator is installing FTTH with sub-gigabit capacity
because it's a complete waste of time and money.

------
kerm1t
Disclosure: I work for SRLabs, the company who did this research.

You can find more infos on our blog release: [https://srlabs.de/bites/rcs-
hacking/](https://srlabs.de/bites/rcs-hacking/)

~~~
panpanna
Great work!

So this is mostly on Google's implementation? Or is RCS insecure in general?

~~~
sojmq
TFA:

>SRLabs didn't find an issue in the RCS standard itself, but rather how it is
being implemented by different telecos

~~~
panpanna
Yeah, but on the very next sentence:

> Because some of the standard is undefined...

------
m-p-3
And of course, RCS is not even end-to-end-encrypted so there is no reason
whatsoever to use it over SMS or any other messaging platform.

I hope we'll see a good and federated instant-messaging platform that respects
privacy and is easy to adopt.

~~~
srgpqt
Such as.... email?

~~~
michaelt
E-mail doesn't have end-to-end encryption either. PGP doesn't count.

~~~
inetknght
TLS isn't end-to-end encryption?

~~~
capitol_
Not in email. End-to-end here means that noone except sender and reciever can
read the content. With tls and email you send it to a server which can read
it, not to the enduser.

------
Jonnax
Telecoms companies operate with license in the countries they operate.

The concept of "lawful intercept" is baked into any product they build,
operate or sell.

That's just how it works.

~~~
theelous3
Worked in b2b voip, same there.

------
konschubert
Telcos should focus on being dump pipes and leave the application layer to
others.

Going into messages or even content is nothing but a rent seeking attempt to
exploit a missing net neutrality mandate.

~~~
gorgoiler
Devil’s advocate: it’ll never change because where’s the money in being the
provider of dumb pipes?

More to the point, if you’re a publicly traded company with stock price and
future earnings based off on this kind of rent seeking being priced into your
valuation, and let’s also say you desperately wanted to do some the honorable
thing and ramp operations down to _dumb pipe_ level, how could the markets and
shareholders ever let you do that?

The Ma Bells of this world are in over their heads and it’s hard to see things
change without state intervention (a politically sensitive topic over in the
UK, but that could get pretty off topic.)

~~~
scarface74
Sure it can change. Apple is a model with iMessage. Google could build a
messaging protocol that fell back to SMS/MMS if necessary.

If you want to know why Android still doesn’t have a standard messaging app or
a standard video chat app, blame the incompetence of Google who has a half
dozen failed messaging initiatives under its belt. Once it was dominant on
Android, google could also release an app for iOS.

~~~
ThatPlayer
That theoretical Google messaging protocol wouldn't make a big difference
because Google wouldn't be able to push it to every Android manufacturer,
because of anti-trust laws. As long as manufacturers do not package it with
every phone, and carriers don't want them to package it, it'll never happen.

~~~
scarface74
But they all install the Google Play Store. How hard would it be for Google to
have a big banner when you open the Play Store “Get the Google Messaging App
for a better experience.”

------
jeffnappi
It's so unfortunate that Google couldn't stay focused and make Hangouts
competitive with iMessage. I would guess that the issue stems from Hangouts'
legacy code base that harkens back to Google Talk. However, it appears their
3rd(?) attempt to replace it with RCS/Messages is failing once again.

Google engineers if you're listening - FIX AND IMPROVE HANGOUTS AND STOP
WASTING YOUR EFFORTS ON NEW MESSAGING PROJECTS

~~~
jiqiren
You can’t get promoted at Google by maintaining an existing product. Only
building a new one. (I’ve heard that over and over from friends that
work/worked at google).

Yes, this is antidotal...

~~~
deadmutex
I have seen plenty of people that work on existing products like Chrome,
Gmail, etc. get promoted. I also have witnessed people successfully going from
L4->L5 as SWEs without launches. I had to see to believe it, and I have seen
it. That said, Google is a GIANT company, and other people might have
different experiences.

Disclosure: I work at Google.

~~~
sieabahlpark
It's probably just not as fast as being able to hop diagonally instead of
vertically

------
Stubb
Why this when applications like Telegram, Signal, etc. already exist? That
ship has sailed…

~~~
burpsnard
There's arguably a market for commoditised secure messaging/queueing, baked
into the standard radio silicon, that's a few steps ahead of sms.. Finance,
email, voicemail, etc. P2P.

~~~
Stubb
I read your comment as "There's arguably a market for compromised
messaging/queueing…" And there is by repressive governments every!

------
SlowRobotAhead
Typical headline of a VICE article. “HACKED”... “implemented with errors by
some telcos”.

------
tus88
Successor according to who?

~~~
egwynn
According to most telcos. It appears to be the next “default” messaging
service for (non-Apple) mobile users.

~~~
tus88
So SMS will be actually removed as a service?

~~~
sixothree
On some phones it will not be the default messaging service.

------
heavymark
Hard to call it a successor of SMS when have the world uses iOS which does not
and currently has no plans to support it. So more just another service rather
than a replacement for SMS which is a way for all phones to communicate with
each other.

~~~
hocuspocus
The world is bigger than the US.

~~~
katbyte
More then just people in the US use iPhones?

~~~
tialaramex
Outside the US the iPhone is not a common choice. It does exist, but most
people don't have one. This makes Apple's social lock-in markedly less
effective.

~~~
ansgri
While in RoW iPhones are definitely luxury items, by this very property about
half (or more) of people whose decisions matter would have one, and you often
wouldn’t want to use technology that doesn’t work on your bosses’ phone.

~~~
theelous3
Is this a troll? You think half of the world's decision makers are in the US?

~~~
spatular
I think he meant that in 3-rd world countries iPhones are luxury items bought
by rich people in position of power.

------
Sami_Lehtinen
I thought MMS. Did someone miss something?

