620

Feds Warn SMS Authentication Is Unsafe After ‘Worst Hack in Our Nation’s History’ (gizmodo.com)

submitted 2 days ago by return2ozma@lemmy.world to c/technology@lemmy.world

129 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Scolding7300@lemmy.world 2 points 2 days ago* (last edited 2 days ago)

What vulnerability? I thought RCS is encrypted on transit

[-] conciselyverbose@sh.itjust.works 9 points 2 days ago

RCS doesn't really do a whole lot of anything. It's a step up from SMS/MMS, but not by much.

All the features people think they mean when they're talking about RCS are proprietary Google extensions that only work if you go through Google's servers. They're basically exactly the same as Apple putting iMessage on top; Apple just brags about it while Google tries to trick you into thinking incompatibility is someone else's fault for not giving them control.

[-] Scolding7300@lemmy.world 2 points 1 day ago

I was under the impression Apple already allows RCS, and that RCS is E2EE, I was wrong.

[-] conciselyverbose@sh.itjust.works 4 points 1 day ago

Apple did add RCS in one of the iOS 18 updates.

It's just only E2EE when routed through Google.

[-] AA5B@lemmy.world 5 points 2 days ago

Usually I’ll defend Apple on this, but yes it’s a step up from SMS, and Apple is a big reason RCS hadnt been widely adopted as a replacement, and incremented to include more features.

I’m definitely on Googles side here: years of no one doing anything until “fine, I’ll take care it myself”

[-] conciselyverbose@sh.itjust.works 3 points 2 days ago

Apple didn't bother because it sucks. It's not an actual solution (or path to one) for messaging not to be a dumpster fire.

Google "did it itself" exclusively for control. It's exactly the same as their browser behavior.

[-] desktop_user 0 points 1 day ago

it at least allows larger files than mms* and has reactions.

*size may vary significantly with MMS and is rarely if ever communicated.

[-] sugar_in_your_tea@sh.itjust.works 1 points 2 days ago* (last edited 2 days ago)

Why would you defend Apple? It's just a stupid form of lock-in, it was at the start, and it always will be.

If you want security, use an app that provides security. RCS does a little to protect against MITM attacks, unless that MITM is your OS vendor.

[-] AA5B@lemmy.world 1 points 2 days ago

Article is about phone company being hacked, so there’s a good chance that even if we had non-proprietary encryption, they’d be able to read it

[-] sugar_in_your_tea@sh.itjust.works 2 points 2 days ago

That's precisely what E2EE is supposed to prevent. If the phone company gets hacked, attackers can see all the traffic going through all of their towers, so if everything is encrypted before getting to the towers, they can't see the contents. IIRC, metadata like phone numbers can be read though, so they can see who you're talking to, but they can't see what you're saying.

The phone manufacturer, however, can see everything before it's encrypted and after it's decrypted.

this post was submitted on 20 Dec 2024

620 points (100.0% liked)

Technology

60042 readers

2116 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago

MODERATORS