


RCS Messaging Adds End-to-End Encryption Between Android and iOS (engadget.com)
The GSM Association has released new specifications for RCS messaging incorporating end-to-end encryption (E2EE) based on the Messaging Layer Security protocol, six months after iOS 18 introduced RCS compatibility.
The specifications ensure messages remain secure between Android and iOS devices, making RCS "the first large-scale messaging service to support interoperable E2EE between client implementations from different providers," said GSMA Technical Director Tom Van Pelt.
The system combines E2EE with SIM-based authentication to strengthen protection against scams and fraud. Apple confirmed it "helped lead a cross industry effort" on the standard and will implement support in future software updates without specifying a timeline. Google's RCS implementation has featured default E2EE since early 2024.
Well this fixes one issue (Score:2)
It's good to see some action after the FBI's warning [forbes.com].
Now, if we can get solutions for smishing and vendors using SMS for 2FA we'd be much better off.
Government overreach (Score:2)
Re: (Score:2)
I suspect it might already be backdoored by design. The only way I know to send a truly encrypted message is by using the recipient's public key to encrypt it. Then the recipient decrypts it using his private key, which only he is supposed to have. Not sure that "end to end" RCS does that.
It would need to have some kind of key management system. I guess your phone could first send an RCS message asking for his public key, then send the encrypted message. Anyway, I'd like to know more about how it works.
Re: Government overreach (Score:2)
Or you can just read the RFC:
https://www.rfc-editor.org/rfc... [rfc-editor.org]
And if in doubt, do your own implementation based on that. Or use OpenMLS:
https://github.com/openmls/ope... [github.com]
Side note: Strange how Apple claims to be "leading" here given MLS is derived from the Signal protocol, which their solution isn't at all similar to and has various known weaknesses that Signal doesn't share, nor do they appear to have contributed to MLS in any way. Maybe just typical Apple face-saving shit over their stage 5 NIH syndrome?
Re: (Score:2)
I suspect it might already be backdoored by design. The only way I know to send a truly encrypted message is by using the recipient's public key to encrypt it. Then the recipient decrypts it using his private key, which only he is supposed to have. Not sure that "end to end" RCS does that.
If you know that, do you think Apple and Google don't? That's also exactly how iMessage works. The only difference is that at least two different companies must comply with the standard well enough that it works with phones from different manufacturers, but the problem is long solved.
oh good, SIM-based (Score:2)
I certainly trust the SIM that my carrier gave me to serve only my goals
Re: (Score:2)
Re: oh good, SIM-based (Score:2)
Re: (Score:2)
The key has to be stored somewhere. If you switch phones, you don't want people sending you messages you can't decrypt.
Re: (Score:2)
The key has to be stored somewhere. If you switch phones, you don't want people sending you messages you can't decrypt.
That's a job for Google and Apple. The sender would not just use the public key that they used the last time; they would ask for a new public key. On iOS, if you make a backup of your phone to a Mac and restore from there, for example to a new phone, secret keys can also be stored and restored. Google may have something similar. If you switch between iPhone and Android phones you probably have to create a new public key.
Re: (Score:2)
It's plain SIP. It's MSRP instead of RTP. Not sure why the SIM is in the picture.
Checking the SIM card is just another security feature. End to end encryption means I can send a message to you, and only you can read it. Checking the SIM card gives you more security that the message actually came from me, and that it isn't a message from a scammer that only you can read. And it gives me more security that I'm sending a message to you and not to a scammer.
RSCS (Score:2)