More bad news suddenly hits cellular users
This month has been marked by the extraordinary revelations that Chinese state-linked hackers have been marauding through U.S. networks, harvesting user call and text metadata and in some cases their content as well. The consequence—an unprecedented warning from the FBI for Android and iPhone users to stop sending texts.
The backdrop to this story has been the equally unprecedented iPhone messaging update that has finally brought RCS to Apple’s billion-plus users. While Google has hailed this as “no more blurry images,” that has been quickly overtaken by events. I highlighted RCS’s security weaknesses before, during and after Apple’s launch, but now the FBI has ensured that everyone is fully aware that’s the case.
The defense has been that an end-to-end encrypted RCS update is coming soon. But the new bad news for Android and iPhone users is that this security update is not going to be seen anytime soon. “Work with key industry stakeholders is progressing well,” according to a GSMA spokesperson cited by CNBC, “and we look forward to updating the market in the coming months.” The italics are mine.
This has been painted as surprisingly bad news. “Despite [the] FBI Warning, RCS encryption could take months,” reported PC Magazine, while Android Authority warned “Android and Apple users—crucial RCS messaging security is still months away despite FBI warning.” All of which means, explained Tom’s Guide, that “Apple and Android users… should look to other chat apps to communicate.”
In reality, this is entirely expected. As I reported when GSMA and Google first touted an end-to-end encrypted RCS update in September, “unless this is already in test, I wouldn’t be holding my breath, waiting for it to show up anytime soon.”
If you actually look at what happened after Apple’s launch as regards this RCS security upgrade, it came across as reactive. There was plenty of criticism over the lack of cross-platform security, to which GSMA responded by immediately announcing “the next major milestone is for the RCS Universal Profile to add important user protections such as interoperable end-to-end encryption… the first deployment of standardized, interoperable messaging encryption between different computing platforms, addressing significant technical challenges.”
Google added its voice into the mix: “We believe that E2EE is a critical component of secure messaging, and we have been working with the broader ecosystem to bring cross-platform E2EE to RCS chats as soon as possible.”
Meanwhile, Apple said nothing.
If this was a collaboration between Apple and Google to bridge iMessage and Google Messages, it could take months. But it’s not. It’s an update to the core RCS protocol itself, and so it will mandate changes throughout its architecture. It will need to be tested and then find its way into a limited beta, then a full beta, before becoming generally available in an OS release. iOS 19 at the earliest?
Don’t hold your collective breath for this to fix the Salt Typhoon problem.
Google Messages was slow to adopt end-to-end encryption itself, only adding this into the mix once it had wrestled control of the RCS rollout from the carriers. And then it was deployed piece by piece, which took considerable time.
And these “months” will prove costly, because Americans have been urged to use encrypted platforms where possible by federal agencies. WhatsApp has already been building a head of steam in the U.S., making this latest news a gift for Meta.
Apple has been quiet throughout this process and hasn’t said much on RCS, other than to warn that it’s not secure. “Apple’s implementation of RCS is based on the industry’s standard. RCS messages aren’t end-to-end encrypted, which means they’re not protected from a third-party reading them while they’re sent between devices.”
It’s not clear what happens now or when it happens, but in the meantime, if you haven’t already switched to a secure messenger, then do so now. There’s still time for Apple and Google to take control of this situation, as they did during COVID, but there are no signs of that happening yet. And the clock is ticking…