For anybody who cares, they exploited a long-known issue with SMS, which by extension makes RCS vulnerable as well, and it lets them man-in-the-middle the process. Once they get into a tower, they intentionally corrupt new RCS messages, causing the SMS failover; that failover process exposes the phone number, which they can then use against the RCS details to get the phone's IMEI and EID, which lets them clone and intercept all voice, SMS, and RCS traffic. The only notification the user may get after being attacked is a “There was a problem delivering this message, resend as SMS?” But regardless of what they choose, it’s already done, but even that message isn’t guaranteed, because if the hardware on the tower is fast enough or the load is light enough, they can break it and pass it along before any timeout occurs.



Many security agencies have been warning about this for years; it’s not new. The US Government took it seriously enough to force the replacement and removal of insecure cellular stations around military bases and government institutions, but they couldn’t force the hand of the telecommunications providers to do the same for everybody else.



But China doing this or having the capability to do this has been documented going as far back as 2014.



You can also break the RCS encryption from then onwards, when they aren’t using a compromised tower, simply by spoofing the device’s public IP address.



SMS by its nature is not, nor was it ever designed to be, a secure communications platform.

RCS was similarly never designed to be a secure platform; it just had some security features bolted on after the fact, but they are woefully inadequate and always have been.