Title: Upgrade Your Device Now: FBI's iPhone and Android Warning Post-Attacks
Last month, the spotlight was on the tech sphere with the FBI's caution to iPhone and Android users to cease texting due to a Chinese hacker attack on U.S. networks. Surprisingly, the vulnerability wasn't just with plain text SMS, but also the much-hyped RCS, now adopted by both Apple and Android. The big question now is when users can safely resume texting. Recent leaks hint at an imminent solution.
The issue stemmed from the lack of end-to-end encryption within RCS's core technology itself. Google addressed this flaw by encrypting RCS messages between Google Messages users. However, the encryption disappears when communicating with RCS users on other apps or iPhones, where Apple's iMessage encryption only operates within its walled garden.
Despite this known issue, the FBI and U.S. cyberdefense agency only warned against texting and advocated for end-to-end encrypted messaging and calls "wherever possible." This concern was already apparent when Apple introduced RCS in iOS 18 last fall. Google and GSMA, the mobile standards setter, announced plans to add end-to-end encryption to RCS, albeit a concrete timeline remains elusive.
Recent investigations by Android Authority suggest that the latest Google Messages beta supports MLS encryption, a crucial step towards end-to-end encryption across different apps and platforms. Although MLS group chat support isn't available yet, it seems that the feature is on its way to Google Messages.
While the standard RCS protocol requires an upgrade, the responsibility largely falls on Google as the main driver behind RCS's growth. Apple, despite its reluctance, has adopted RCS, albeit with minimal enthusiasm.
MLS, or Messaging Layer Security, is an IETF-supported initiative aimed at providing end-to-end encryption. Initially, it seemed Google was focusing on group chats, but recent developments hint at a broader scope. Android Authority reveals that the codename for MLS encryption within Google Messages is 'Zinnia.'
Currently, RCS messaging lacks end-to-end encryption by default, with Google's implementation being an exception. GSMA is working on end-to-end encryption for RCS, but the implementation timeline remains unclear.
For Android and iPhone users who are hesitant to switch to messaging platforms like Signal or WhatsApp as advised by the U.S. government, these developments bring welcome reassurance. However, specific timelines are still unavailable, leaving users in a wait-and-see mode.
The FBI and RCS both issued warnings about the security vulnerabilities in texting due to the Chinese hacker attack. The vulnerability affected both Android and iPhone users, not just SMS but also RCS. The FBI urged users to consider end-to-end encrypted messaging and calls wherever possible. Google started encrypting RCS messages between Google Messages users, but not when communicating with other platforms or iPhones.