One issue identified on an unnamed carrierʼs implementation could allow any app on your phone to download your RCS configuration file, for example, giving the app your username and password and allowing it to access all your voice calls and text messages. In another case, the six-digit code a carrier uses to verify a userʼs identity was vulnerable to being guessed through brute force by a third-party. These problems were found after researchers analyzed a sample of SIM cards from several different carriers.
RCS is supposed to be a big deal. It’s fascinating how these system-wide policies can be messed up in microsystem implementations.