July 18th, 2024

AT&T Breach Shows Why RCS Can't Be Trusted

The article criticizes the AT&T data breach, questions RCS encryption, and advocates for secure messaging with end-to-end encryption. It discusses Apple's RCS support, law enforcement access concerns, and challenges in modern messaging platforms.


The article discusses the recent AT&T data breach and criticizes the RCS protocol for lacking end-to-end encryption, highlighting the risks associated with non-secure messaging platforms. It questions Apple's decision to support RCS in iOS 18, emphasizing the importance of encryption in messaging services. The author argues that new messaging platforms should prioritize end-to-end encryption to protect user privacy. Additionally, the article mentions concerns about law enforcement access to unencrypted communications and criticizes carrier-based messaging for its reliance on SIM cards and lack of cross-device functionality. The piece also touches on the debate surrounding the role of carrier-based messaging in the era of modern messaging apps like iMessage, Signal, and WhatsApp, advocating for secure and universally accessible communication platforms. The article concludes by discussing security issues with Signal's Mac client and Meta's reluctance to develop a native iPad app for WhatsApp, highlighting the complexities of ensuring data security and accessibility in messaging services.

7 comments
By @aesh2Xa1 - 6 months
Hm, the breach contained metadata, but not message contents. RCS does not attempt to defend against metadata surveillance.

Is the author's point, simplified, "any centralized collection of communications data, unencrypted, is vulnerable?" They mention E2EE, but even some of those still present centralized, unencrypted metadata.

By @bearjaws - 6 months
If anything, RCS has shown people will use the encryption buzzword like it's some silver bullet of security.

Unless you are the only holder of the key, encryption is typically useless in a hack.

Go ask every healthcare breach and they will tell you the data was encrypted...

If RCS was encrypted there is a 99% chance AT&T would have the keys easily accessible.

By @kevincox - 6 months
I really don't understand why people want to tie their messaging to their mobile service provider. This seems best as two jobs for two companies. Then I can switch either at will.

1. Mobile internet access.

2. Messaging.

By @retrocryptid - 6 months
I'm a fan of E2EE, but the AT&T hack did not involve intercepting RCS messages. It's sort of like saying "Chewbacca is a Wookiee, therefore you shouldn't use RCS."

By @Someone - 6 months
FTA: “the argument against RCS is strong and simple: it doesn’t support end-to-end encryption”

“SMS and traditional telephone voice calls lack any encryption at all, but they’re firmly established. Just like email. But anything new should only be supported if it’s fundamentally based on E2EE.”

“Perhaps, someday, the RCS spec will support an open standard for E2EE. I’m not holding my breath for that. For one thing, industry consortiums tend not to produce good solutions to hard problems, and an open standard for E2EE messaging is a very hard problem.”

So, they argue

- new communication standards must be end-to-end encrypted

- that open end-to-end encrypted standards cannot be developed

If both are true any new communication standards must be proprietary.

I don’t think that’s a conclusion shared by society.

By @eqvinox - 6 months
Use Signal, problem solved? headscratch