CVE-2023-21220: Outdated communication methods burden modern Androids (29th June 2023)

Preface: Since the official announcement did not contain details. Perhaps the situation describe here is one of the possible reasons for encountering such vulnerabilities.

Background: SMS messages are sent in plain text. Rich Communications Services (RCS) is a communication protocol that will ultimately replace MMS and SMS messages on Android devices.
Android Pie (codenamed Android P during development), also known as Android 9 (API 28) is the ninth major release and the 16th version of the Android mobile operating system. It was first released as a developer preview on March 7, 2018, and was released publicly on August 6, 2018.
Android 8.0 places limitations on what apps can do while users aren’t directly interacting with them. Apps are restricted in two ways:
Background Service Limitations and Broadcast Limitations.
On the other hand, The system distinguishes between foreground and background apps. Foreground app is connected to the app, either by binding to one of its services or by making use of one of its content providers. For example, the app is in the foreground if another app binds to its: Voice or text service.
So, if Android users forget to turn on the RCS function. Their text messages will be read through a man-in-the-middle attack.

Vulnerability details: there is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264590585References: N/A

Official announcement: For details, please refer to the link –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.