RCS can allow hackers to intercept OTPs and take control of critical accounts

This is a demonstration video showing how,
after having stolen a victim’s mobile network config file and configuring settings so the
attacker receives all messages sent to the victim, a hacker can steal a “one time password”
message to gain access to a victim’s Gmail account. On the right, we see the screen of the victim’s
device and the victim’s Gmail account the attacker wishes to take over. The attacker begins the password recovery
sequence and prepares for Google to send the victim a “one time password” message to their
phone. Now the attacker, with a tool, makes use the
victim’s already stolen config file to connect to the RCS server, set the “SMS-over-IP” flag,
and then waits for the incoming SIP message. The attacker now requests that Google send
a “one time password” by text. After a few seconds the attacker receives
the “one time password” Google has sent. The attacker does not acknowledge the message,
which means it is then passed on to the victim’s device as well. Moving quickly, the attacker can now use this
“one time password” to take over the victim’s Gmail account and reset the account’s main
password to gain control.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *