Technology

37362 readers

280 users here now

Rumors, happenings, and innovations in the technology sphere. If it's technological news or discussion of technology, it probably belongs here.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

[email protected]

113

New vulnerability in SMS messaging could expose smartphone users' location to hackers, researcher says (arxiv.org)

submitted 11 months ago* (last edited 11 months ago) by [email protected] to c/[email protected]

35 comments fedilink hide all child comments

Evangelos Bitsikas, who is pursuing a PhD in cybersecurity at the Northwestern University in the US, applied a new machine-learning program to data gleaned from the SMS system of mobile devices.

Receiving an SMS inevitably generates Delivery Reports whose reception bestows a timing attack vector at the sender. Bitsikas developed an ML model enabling the SMS sender to determine the recipient's location with a 96% accuracy for locations across different countries, the researcher says in a study.

The basic idea is that a hacker would send multiple text messages to the target phone, and the timing of each automated delivery reply creates a fingerprint of the target's location. These fingerprints have ever been there but weren't a problem until Bitsikas' group used ML to develop an algorithm capable of reading them. They can be fed into the machine-learning model, which then responds with the predicted location.

According to the researcher, it doesn't matter whether or not the communication is encrypted.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 11 months ago (1 children)

Silent SMS are working as designed. There is a reason they are called silent.

[–] [email protected] 15 points 11 months ago

There is no such thing as a "silent SMS" in any standard. There are different classes of SMS messages and modern phones don't display all of them, but they're just messaging that are part of a wider networked system.

The real issue is that these messages are not being filtered out by carriers. There is no need for consumers to exchange unsaveable (emergency) SMS messages, these things should be blocked and rejected the moment they reach the SMS system from an unauthorized sources.